CVE-2025-68806
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-01-14
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
Because the buffer validation omitted the null terminator size, it could potentially allow malformed or improperly sized buffers to be processed, which might lead to buffer overflows or memory corruption. This could result in system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service.
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's ksmbd component, specifically in the smb2_set_ea function that handles Extended Attributes (EA). The function was incorrectly validating buffers by not including the size of the null terminator character in the EA Name length calculation. This omission could lead to improper buffer validation. The fix adds '+1' to the EaNameLength to account for the null terminator, ensuring the buffer size validation is accurate.