CVE-2025-68806

Published: Jan 13, 2026

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name. This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where the null terminator is expected to be present in the buffer, ensuring the validation accurately reflects the total required buffer size.

Vendor	Product	Versions
Linux	Linux	affected `d070c4dd2a5bed4e9832eec5b6c029c7d14892ea - < cae52c592a07e1d3fa3338a5f064a374a5f26750` affected `0ba5439d9afa2722e7728df56f272c89987540a4 - < a28a375a5439eb474e9f284509a407efb479c925` affected `0ba5439d9afa2722e7728df56f272c89987540a4 - < d26af6d14da43ab92d07bc60437c62901dc522e6` affected `0ba5439d9afa2722e7728df56f272c89987540a4 - < 6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4` affected `0ba5439d9afa2722e7728df56f272c89987540a4 - < 95d7a890e4b03e198836d49d699408fd1867cb55` +7 more versions
Linux	Linux	affected `6.6` unaffected `0 - < 6.6` unaffected `6.1.160 - <= 6.1.` unaffected `6.6.120 - <= 6.6.` unaffected `6.12.64 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/cae52c592a07e1d3fa3338a5f064a374a5f26750

https://git.kernel.org/stable/c/a28a375a5439eb474e9f284509a407efb479c925

https://git.kernel.org/stable/c/d26af6d14da43ab92d07bc60437c62901dc522e6

https://git.kernel.org/stable/c/6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4

https://git.kernel.org/stable/c/95d7a890e4b03e198836d49d699408fd1867cb55

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-68806

Description

Affected Products

References