CVE-2025-68806
ksmbd: fix buffer validation by including null terminator size in EA length
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA),
was performing buffer validation checks that incorrectly omitted the size
of the null terminating character (+1 byte) for EA Name.
This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where
the null terminator is expected to be present in the buffer, ensuring
the validation accurately reflects the total required buffer size.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name. This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where the null terminator is expected to be present in the buffer, ensuring the validation accurately reflects the total required buffer size.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2025-12-24 CVE Reserved
- 2026-01-13 CVE Published
- 2026-01-14 CVE Updated
- 2026-01-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/d070c4dd2a5bed4e9832eec5b6c029c7d14892ea | Vuln. Introduced | |
| https://git.kernel.org/stable/c/0ba5439d9afa2722e7728df56f272c89987540a4 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/bb5bf157b5be1643cccc7cbbe57fcdef9ae52c2c | Vuln. Introduced | |
| https://git.kernel.org/stable/c/1a13ecb96230e8b7b91967e292836f7b01ec8111 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/404e7c01e16288b5e0171d1d8fd3328e806d0794 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.52 < 6.1.160 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.52 < 6.1.160" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.6.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.120" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.12.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.12.64" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.18.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.18.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.19-rc2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.19-rc2" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.15.131 Search vendor "Linux" for product "Linux Kernel" and version "5.15.131" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.4.15 Search vendor "Linux" for product "Linux Kernel" and version "6.4.15" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5.2 Search vendor "Linux" for product "Linux Kernel" and version "6.5.2" | en |
Affected
| ||||||