CVE-2025-68246
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ksmbd component, where when the per-IP connection limit is exceeded, the code fails to close the newly accepted socket. Instead, it sets an error and continues accepting connections, which causes a socket to be leaked for each rejected connection attempt from a single IP. This leads to resource exhaustion and enables a trivial remote denial-of-service (DoS) attack.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker to exhaust system resources through leaking sockets when the per-IP connection limit is exceeded. This can cause a denial-of-service (DoS) condition, making the affected system unresponsive or unable to accept legitimate connections.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version where the ksmbd per-IP connection limit bug is fixed. This fix ensures that accepted sockets are properly closed when the per-IP limit is exceeded, preventing socket leaks and remote DoS attacks.
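The leak pattern described above, and the fix the kernel update applies, as an added illustration that is not code from the Linux kernel or from ksmbd: a small userspace model in C with simulated sockets and a per-IP connection table. All names (`struct server`, `handle_connection_vulnerable`, `handle_connection_fixed`, `leaked_sockets`) and the sample addresses and limits are constructed for this example. The vulnerable handler records an error when the per-IP limit is hit but never releases the socket it already accepted, so the count of open sockets grows with every rejected attempt; the fixed handler releases the rejected socket before returning to the accept loop, so open sockets stay bounded by the limit and a second client is still served.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define MAX_TRACKED_IPS 16

/* Per-IP bookkeeping for a toy per-IP accept limit (constructed model). */
struct ip_conns {
    uint32_t ip;    /* client address as a host-order integer (constructed) */
    int      count; /* connections currently accepted from this address */
};

struct server {
    struct ip_conns table[MAX_TRACKED_IPS];
    int ntracked;
    int per_ip_limit;
    int open_sockets; /* sockets the server holds that have not been closed */
};

static void server_init(struct server *s, int per_ip_limit) {
    memset(s, 0, sizeof *s);
    s->per_ip_limit = per_ip_limit;
}

/* Find or create the entry for an IP; NULL when the table is full. */
static struct ip_conns *lookup(struct server *s, uint32_t ip) {
    for (int i = 0; i < s->ntracked; i++)
        if (s->table[i].ip == ip)
            return &s->table[i];
    if (s->ntracked == MAX_TRACKED_IPS)
        return NULL;
    s->table[s->ntracked].ip = ip;
    s->table[s->ntracked].count = 0;
    return &s->table[s->ntracked++];
}

/* Simulated socket lifecycle: accepting takes a reference, closing drops it. */
static void sim_accept(struct server *s) { s->open_sockets++; }
static void sim_close(struct server *s)  { s->open_sockets--; }

/* Vulnerable pattern: the limit check fails, an error is recorded, but the
   already-accepted socket is never released before the loop continues. */
static int handle_connection_vulnerable(struct server *s, uint32_t ip) {
    sim_accept(s);
    struct ip_conns *e = lookup(s, ip);
    if (e == NULL || e->count >= s->per_ip_limit)
        return -1; /* socket stays open: one leaked socket per rejection */
    e->count++;
    return 0;
}

/* Fixed pattern: the rejected socket is closed before returning. */
static int handle_connection_fixed(struct server *s, uint32_t ip) {
    sim_accept(s);
    struct ip_conns *e = lookup(s, ip);
    if (e == NULL || e->count >= s->per_ip_limit) {
        sim_close(s); /* release the socket we will not serve */
        return -1;
    }
    e->count++;
    return 0;
}

/* Invariant check: every open socket should belong to a counted connection.
   Anything left over is a leak. */
static int leaked_sockets(const struct server *s) {
    int counted = 0;
    for (int i = 0; i < s->ntracked; i++)
        counted += s->table[i].count;
    return s->open_sockets - counted;
}

typedef int (*handler_fn)(struct server *, uint32_t);

static handler_fn pick(int fixed) {
    return fixed ? handle_connection_fixed : handle_connection_vulnerable;
}

/* Drive `attempts` connection attempts from one address and report results. */
static int open_after(int limit, int attempts, int fixed) {
    struct server s; server_init(&s, limit);
    for (int i = 0; i < attempts; i++) pick(fixed)(&s, 0x0A000001u);
    return s.open_sockets;
}

static int leaked_after(int limit, int attempts, int fixed) {
    struct server s; server_init(&s, limit);
    for (int i = 0; i < attempts; i++) pick(fixed)(&s, 0x0A000001u);
    return leaked_sockets(&s);
}

/* 1 if a second client is still accepted after the first one hits the limit. */
static int second_ip_accepted(int limit, int attempts, int fixed) {
    struct server s; server_init(&s, limit);
    for (int i = 0; i < attempts; i++) pick(fixed)(&s, 0x0A000001u);
    return pick(fixed)(&s, 0x0A000002u) == 0;
}

int main(void) {
    printf("vulnerable: open=%d leaked=%d\n", open_after(4, 10, 0), leaked_after(4, 10, 0));
    printf("fixed:      open=%d leaked=%d\n", open_after(4, 10, 1), leaked_after(4, 10, 1));
    return 0;
}
```

The `leaked_sockets` invariant (open sockets minus counted connections) is the kind of check a reviewer or a test harness can apply to any accept loop with an admission limit: after a burst of over-limit attempts from one address the value must be zero, and the open-socket count must never exceed the configured limit.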