| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121634-CVE-2025-68246-7c3d@gregkh> Date: Tue, 16 Dec 2025 15:21:38 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68246: ksmbd: close accepted socket when per-IP limit rejects connection From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbd_kthread_fn(), the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket. That leaks one socket per rejected attempt from a single IP and enables a trivial remote DoS. Release client_sk before continuing. This bug was found with ZeroPath. The Linux kernel CVE team has assigned CVE-2025-68246 to this issue. Affected and fixed versions =========================== Fixed in 6.1.159 with commit 7a3c7154d5fc05956a8ad9e72ecf49e21555bfca Fixed in 6.6.117 with commit 5746b2a0f5eb3d79667b3c51fe849bd62464220e Fixed in 6.12.59 with commit 4587a7826be1ae0190dba10ff70b46bb0e3bc7d3 Fixed in 6.17.9 with commit 35521b5a7e8a184548125f4530552101236dcda1 Fixed in 6.18 with commit 98a5fd31cbf72d46bf18e50b3ab0ce86d5f319a9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68246 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/smb/server/transport_tcp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7a3c7154d5fc05956a8ad9e72ecf49e21555bfca https://git.kernel.org/stable/c/5746b2a0f5eb3d79667b3c51fe849bd62464220e https://git.kernel.org/stable/c/4587a7826be1ae0190dba10ff70b46bb0e3bc7d3 https://git.kernel.org/stable/c/35521b5a7e8a184548125f4530552101236dcda1 https://git.kernel.org/stable/c/98a5fd31cbf72d46bf18e50b3ab0ce86d5f319a9
Powered by blists - more mailing lists