#VU121404 Improper locking in Linux kernel - CVE-2025-68786
Published: January 14, 2026
Vulnerability identifier: #VU121404
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-68786
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_lock_range() and ksmbd_vfs_truncate() functions in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/52fcbb92e0d3acfd1448b2a43b6595d540da5295
- https://git.kernel.org/stable/c/571204e4758a528fbd67330bd4b0dfbdafb33dd8
- https://git.kernel.org/stable/c/5d510ac31626ed157d2182149559430350cf2104
- https://git.kernel.org/stable/c/a6f4cfa3783804336491e0edcb250c25f9b59d33
- https://git.kernel.org/stable/c/da29cd197246c85c0473259f1cad897d9d28faea