Linux Kernel ksmbd Out-of-Bounds Read Vulnerability in SMB2 Write Handling

Vulnerability

A vulnerability in the Linux kernel's ksmbd component (the in-kernel SMB server) allows an out-of-bounds read during SMB2 write operations. The issue arises because the ksmbd_smb2_check_message function does not properly validate the NextCommand field of the SMB2 header. When NextCommand exceeds the combined Offset and Length of the SMB2 write, the resulting write length can be oversized, and the write handler reads past the end of the received buffer.
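As an added illustration (not ksmbd's own code), the following standalone C model shows the bounds check that the validation described above has to enforce: the write payload defined by DataOffset and Length must lie entirely inside the current command, whose extent is NextCommand for a compound request and the remaining buffer length for the last command. The struct and function names are assumptions chosen for this example; the 64-byte header size, 8-byte NextCommand alignment and 48-byte fixed WRITE body come from the SMB2 specification.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define SMB2_HDR_SIZE        64u  /* fixed SMB2 packet header */
#define SMB2_WRITE_BODY_SIZE 48u  /* fixed WRITE request body before Buffer */

/*
 * Constructed model of the fields the check needs. This is NOT ksmbd's
 * struct layout; it only carries the three values involved in the bug.
 */
struct smb2_write_model {
    uint32_t next_command; /* header NextCommand: offset of the next command
                              in a compound request, 0 for the last one */
    uint16_t data_offset;  /* write DataOffset, measured from header start */
    uint32_t length;       /* write Length: bytes of payload to write */
};

/*
 * Number of bytes belonging to this command, or 0 if NextCommand itself is
 * invalid. buf_len is what remains of the received buffer from this header.
 */
static uint64_t command_extent(const struct smb2_write_model *req, size_t buf_len)
{
    if (req->next_command == 0)
        return buf_len;
    /* A compound command must stay inside the buffer and be 8-byte aligned. */
    if (req->next_command > buf_len || (req->next_command & 7u) != 0)
        return 0;
    return req->next_command;
}

/*
 * True when [DataOffset, DataOffset + Length) lies inside this command.
 * The sum is computed in 64 bits so a large Length cannot wrap around.
 */
bool write_payload_in_bounds(const struct smb2_write_model *req, size_t buf_len)
{
    uint64_t extent = command_extent(req, buf_len);
    uint64_t end = (uint64_t)req->data_offset + req->length;

    if (extent < SMB2_HDR_SIZE + SMB2_WRITE_BODY_SIZE)
        return false; /* not even a complete write request present */
    if (req->data_offset < SMB2_HDR_SIZE + SMB2_WRITE_BODY_SIZE)
        return false; /* payload may not start inside header or fixed body */
    return end <= extent;
}
```

A request whose payload ends exactly at the command boundary is accepted; anything that reaches past NextCommand, past the buffer, or wraps the 32-bit sum is rejected before any byte of payload is read.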

Impact

Triggering this vulnerability causes an out-of-bounds read in kernel memory, which could disclose sensitive kernel data to an SMB client or crash the server, resulting in a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending an SMB2 write request with a NextCommand value that exceeds the allowed length, bypassing the header validation and triggering the out-of-bounds read.

Remediation

Upgrade to the latest stable version of the Linux kernel, where this vulnerability has been patched. Only systems that build and run the ksmbd in-kernel SMB server are exposed; hosts that do not load ksmbd are not affected by this issue.

Added: Aug 16, 2025, 2:24 PM
Updated: Aug 16, 2025, 2:24 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          2.5
  exploitability  5.7
  remediation     7.7
  relevance       0.3
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.