CVE-2025-21748

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix integer overflows on 32 bit systems

On 32bit systems the addition operations in ipc_msg_alloc() can potentially overflow leading to memory corruption. Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < f3b9fb2764591d792d160f375851013665a9e820affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 760568c1f62ea874e8fb492f9cfa4f47b4b8391eaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 82f59d64e6297f270311b16b5dcf65be406d1ea3affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < b4b902737746c490258de5cb55cab39e79927a67affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < ecb9947fa7c99a77b04d43404c6988a0d326e4a0affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < aab98e2dbd648510f8f51b83fbf4721206ccae45affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.78 <= 6.6.*unaffected
LinuxLinux6.12.14 <= 6.12.*unaffected
LinuxLinux6.13.3 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References