Message-ID: <2025101557-CVE-2025-39975-d1a3@gregkh>
Date: Wed, 15 Oct 2025 09:57:03 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-39975: smb: client: fix wrong index reference in smb2_compound_op()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix wrong index reference in smb2_compound_op()

In smb2_compound_op(), the loop that processes each command's response
uses wrong indices when accessing response buffers.

This incorrect indexing leads to improper handling of command results.
Also, if the incorrectly computed index is greater than or equal to
MAX_COMPOUND, it can cause out-of-bounds accesses.

The Linux kernel CVE team has assigned CVE-2025-39975 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.6.75 with commit 5ddcc9e92d54548219985ce4de88618fb53e14ec and fixed in 6.6.109 with commit ba7bcfd52c66dd1c2dfa5142aca7e4a70b62dfa5
Issue introduced in 6.12.12 with commit efe8db3ecaa40a8520dc9a54283dcecd82ceea9c and fixed in 6.12.50 with commit bfb1e2aad1fecef8320fd71332acde0d53a8d699
Issue introduced in 6.14 with commit 3681c74d342db75b0d641ba60de27bf73e16e66b and fixed in 6.16.10 with commit 093615fc76063ea08d454ba86677ce64c736e806
Issue introduced in 6.14 with commit 3681c74d342db75b0d641ba60de27bf73e16e66b and fixed in 6.17 with commit fbe2dc6a9c7318f7263f5e4d50f6272b931c5756
Issue introduced in 6.13.1 with commit 77aefd1d9b790f60634adebbdcfffbe934f41c34
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-39975
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/smb/client/smb2inode.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/ba7bcfd52c66dd1c2dfa5142aca7e4a70b62dfa5
https://git.kernel.org/stable/c/bfb1e2aad1fecef8320fd71332acde0d53a8d699
https://git.kernel.org/stable/c/093615fc76063ea08d454ba86677ce64c736e806
https://git.kernel.org/stable/c/fbe2dc6a9c7318f7263f5e4d50f6272b931c5756
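
A version check built from the ranges in the "Affected and fixed versions" section above, as an added example that is not part of the original announcement. The function names are hypothetical, and the result is only meaningful for upstream stable version numbers, since distribution kernels may carry the fix under an older base version.

```shell
#!/bin/sh
# Ranges below are copied from the "Affected and fixed versions" section.
# Helper and function names are hypothetical (added example).

# ver_to_int MAJOR.MINOR[.PATCH][-suffix]: print a comparable integer.
# Anything after the first "-" or "+" (e.g. "-amd64", "-rc2") is ignored,
# so a pre-release is treated like the release it precedes.
ver_to_int() {
    v=${1%%[-+]*}
    IFS=. read -r a b c _ <<EOF
$v
EOF
    echo $(( ${a:-0} * 1000000 + ${b:-0} * 1000 + ${c:-0} ))
}

# in_range VERSION INTRODUCED FIXED: true when INTRODUCED <= VERSION < FIXED.
in_range() {
    [ "$(ver_to_int "$1")" -ge "$(ver_to_int "$2")" ] &&
        [ "$(ver_to_int "$1")" -lt "$(ver_to_int "$3")" ]
}

# Prints one of: affected, affected-no-fix-listed, not-in-listed-range.
# The last value covers both fixed releases and branches never affected.
cve_2025_39975_status() {
    k=$1
    if in_range "$k" 6.6.75 6.6.109 || in_range "$k" 6.12.12 6.12.50 ||
       in_range "$k" 6.14 6.16.10; then
        echo "affected"
    elif in_range "$k" 6.13.1 6.14; then
        # The advisory lists no fixed release for the 6.13.y branch.
        echo "affected-no-fix-listed"
    else
        echo "not-in-listed-range"
    fi
}

# Check the version given as the first argument, or the running kernel.
cve_2025_39975_status "${1:-$(uname -r)}"
```

The ranges are a snapshot of this announcement; the CVE record linked above is the place to confirm them before relying on the result.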