CVE-2025-21962

Summary

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix integer overflow while processing closetimeo mount option

User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1d9cad9c5873097ea141ffc5da1e7921ce765aa8 < 513f6cf2e906a504b7ab0b62b2eea993a6f64558affected
LinuxLinux5efdd9122eff772eae2feae9f0fc0ec02d4846a3 < 9968fcf02cf6b0f78fbacf3f63e782162603855aaffected
LinuxLinux5efdd9122eff772eae2feae9f0fc0ec02d4846a3 < 6c13fcb7cf59ae65940da1dfea80144e42921e53affected
LinuxLinux5efdd9122eff772eae2feae9f0fc0ec02d4846a3 < 1c46673be93dd2954f44fe370fb4f2b8e6214224affected
LinuxLinux5efdd9122eff772eae2feae9f0fc0ec02d4846a3 < b24edd5c191c2689c59d0509f0903f9487eb6317affected
LinuxLinux5efdd9122eff772eae2feae9f0fc0ec02d4846a3 < d5a30fddfe2f2e540f6c43b59cf701809995faefaffected
LinuxLinux5.15.107 < 5.15.180affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux5.15.180 <= 5.15.*unaffected
LinuxLinux6.1.132 <= 6.1.*unaffected
LinuxLinux6.6.84 <= 6.6.*unaffected
LinuxLinux6.12.20 <= 6.12.*unaffected
LinuxLinux6.13.8 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References