Linux Kernel ksmbd Slab-Out-Of-Bounds Vulnerability in SMB2 Response Header Initialization

Vulnerability

A slab-out-of-bounds vulnerability has been identified in the Linux kernel's ksmbd component, specifically within the SMB2 response header initialization function. The issue arises when an SMB1 mount fails: ksmbd then handles the SMB1 negotiation as an SMB2 server operation. The vulnerability affects several Linux kernel versions through 6.1.21.

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds error, which can lead to memory corruption.

Reproduction

The vulnerability can be reproduced by attempting to mount a share using the SMB1 protocol dialect. When the mount fails, the ksmbd server processes the SMB1 negotiation as if it were SMB2, triggering the slab-out-of-bounds condition in the response header initialization function.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.
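
A triage check to go with the remediation advice above, added here as an example and not part of the original advisory. It reports whether the ksmbd module is loaded and whether the running kernel release is at or below the 6.1.21 boundary the advisory quotes; treating every release at or below that boundary as worth reviewing is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added triage example, not part of the advisory.
# Assumption: any release at or below LAST_AFFECTED is worth reviewing.
# The advisory says "several versions through 6.1.21", and distributions
# backport fixes, so "review" means "check the vendor changelog".
LAST_AFFECTED="6.1.21"   # version boundary quoted in the advisory

# Reduce a release string such as "6.1.21-1-amd64" to "6.1.21".
base_version() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//'
}

# version_le A B: succeed when A <= B, comparing dotted fields numerically
# (a plain string comparison would rank 6.10 below 6.1.21).
version_le() {
    awk -v a="$(base_version "$1")" -v b="$(base_version "$2")" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 0
    }'
}

# A loaded ksmbd module appears as a directory under /sys/module.
# The optional argument overrides that directory (used for testing).
ksmbd_loaded() {
    [ -d "${1:-/sys/module}/ksmbd" ]
}

# assess RELEASE [MODULE_DIR] prints one of: not-loaded, review, newer
assess() {
    if ! ksmbd_loaded "$2"; then
        echo "not-loaded"
    elif version_le "$1" "$LAST_AFFECTED"; then
        echo "review"
    else
        echo "newer"
    fi
}

echo "ksmbd triage for $(uname -r): $(assess "$(uname -r)")"
```

A "review" result is a prompt to confirm against the distribution's kernel changelog that the fix is present, not proof that the host is vulnerable.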

Added: Dec 30, 2025, 3:50 PM
Updated: Dec 30, 2025, 3:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.