CVE-2025-21844

smb: client: Add check for next_buffer in receive_encrypted_standard()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get()
in receive_encrypted_standard() to prevent null pointer dereference.

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-03-12 CVE Published
2025-03-12 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/9f528a8e68327117837b5e28b096f52af4c26a05	Vuln. Introduced
https://git.kernel.org/stable/c/534733397da26de0303057ce0b93a22bda150365	Vuln. Introduced
https://git.kernel.org/stable/c/eec04ea119691e65227a97ce53c0da6b9b74b0b7	Vuln. Introduced
https://git.kernel.org/stable/c/b03c8099a738a04d2343547ae6a04e5f0f63d3fa	Vuln. Introduced
https://git.kernel.org/stable/c/858e73ff25639a0cc1f6f8d2587b62c045867e41	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/24e8e4523d3071bc5143b0db9127d511489f7b3b	2025-03-07
https://git.kernel.org/stable/c/9e5d99a4cf2e23c716b44862975548415fae5391	2025-02-27
https://git.kernel.org/stable/c/a9b0b4b29877cb4dc5d0842b59b5ccbacddb85bd	2025-02-27
https://git.kernel.org/stable/c/554736b583f529ee159aa95af9a0cbc12b5ffc96	2025-02-27
https://git.kernel.org/stable/c/860ca5e50f73c2a1cef7eefc9d39d04e275417f7	2025-02-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.69 < 6.1.130 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.69 < 6.1.130"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.8 < 6.6.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.8 < 6.6.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.12.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.12.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.13.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.13.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.14-rc4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.14-rc4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.211 Search vendor "Linux" for product "Linux Kernel" and version "5.10.211"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.150 Search vendor "Linux" for product "Linux Kernel" and version "5.15.150"		en		Affected