SB2025040250 - Out-of-bounds read in Linux kernel smb server
Published: April 2, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025040250
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-21946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_sid() and parse_sec_desc() functions in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/159d059cbcb0e6d0e7a7b34af3862ba09a6b22d1
- https://git.kernel.org/stable/c/6a9831180d0b23b5c97e2bd841aefc8f82900172
- https://git.kernel.org/stable/c/c1569dbbe2d43041be9f3fef7ca08bec3b66ad1b
- https://git.kernel.org/stable/c/d6e13e19063db24f94b690159d0633aaf72a0f03
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83