CVE-2025-68806

EPSS 0.02%
Veröffentlicht 13.01.2026 15:29:13
Zuletzt bearbeitet 14.01.2026 16:26:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix buffer validation by including null terminator size in EA length

The smb2_set_ea function, which handles Extended Attributes (EA),
was performing buffer validation checks that incorrectly omitted the size
of the null terminating character (+1 byte) for EA Name.
This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where
the null terminator is expected to be present in the buffer, ensuring
the validation accurately reflects the total required buffer size.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < cae52c592a07e1d3fa3338a5f064a374a5f26750

Version d070c4dd2a5bed4e9832eec5b6c029c7d14892ea

Status affected

Version < a28a375a5439eb474e9f284509a407efb479c925

Version 0ba5439d9afa2722e7728df56f272c89987540a4

Status affected

Version < d26af6d14da43ab92d07bc60437c62901dc522e6

Version 0ba5439d9afa2722e7728df56f272c89987540a4

Status affected

Version < 6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4

Version 0ba5439d9afa2722e7728df56f272c89987540a4

Status affected

Version < 95d7a890e4b03e198836d49d699408fd1867cb55

Version 0ba5439d9afa2722e7728df56f272c89987540a4

Status affected

Version bb5bf157b5be1643cccc7cbbe57fcdef9ae52c2c

Status affected

Version 1a13ecb96230e8b7b91967e292836f7b01ec8111

Status affected

Version 404e7c01e16288b5e0171d1d8fd3328e806d0794

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.6

Status affected

Version < 6.6

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19-rc2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/cae52c592a07e1d3fa3338a5f064a374a5f26750

https://git.kernel.org/stable/c/a28a375a5439eb474e9f284509a407efb479c925

https://git.kernel.org/stable/c/d26af6d14da43ab92d07bc60437c62901dc522e6

https://git.kernel.org/stable/c/6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4

https://git.kernel.org/stable/c/95d7a890e4b03e198836d49d699408fd1867cb55

https://nvd.nist.gov/vuln/detail/CVE-2025-68806

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68806

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68806

EUVD