CVE-2025-21963

Summary

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix integer overflow while processing acdirmax mount option

User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4c9f948142a550af416a2bfb5e56d29ce29e92cf < 0c26edf477e093cefc41637f5bccc102e1a77399affected
LinuxLinux4c9f948142a550af416a2bfb5e56d29ce29e92cf < 39d086bb3558da9640ef335f97453e01d32578a1affected
LinuxLinux4c9f948142a550af416a2bfb5e56d29ce29e92cf < 9e438d0410a4002d24f420f2c28897ba2dc0af64affected
LinuxLinux4c9f948142a550af416a2bfb5e56d29ce29e92cf < 2809a79bc64964ce02e0c5f2d6bd39b9d09bdb3caffected
LinuxLinux4c9f948142a550af416a2bfb5e56d29ce29e92cf < 6124cbf73e3dea7591857dd63b8ccece28952afdaffected
LinuxLinux4c9f948142a550af416a2bfb5e56d29ce29e92cf < 5b29891f91dfb8758baf1e2217bef4b16b2b165baffected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux5.15.180 <= 5.15.*unaffected
LinuxLinux6.1.132 <= 6.1.*unaffected
LinuxLinux6.6.84 <= 6.6.*unaffected
LinuxLinux6.12.20 <= 6.12.*unaffected
LinuxLinux6.13.8 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References