Volerion logoVolerion
Volerion logoVolerion

Linux Kernel SMB2 Compound Operation Indexing Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SMB client has been addressed, specifically within the SMB2 compound operation handling. The issue arose from incorrect index references when processing command responses, leading to improper result management. This misindexing could cause out-of-bounds accesses if the computed index exceeded or matched a predefined maximum. The vulnerability affected several versions of the Linux kernel.

Impact

The vulnerability could lead to out-of-bounds memory access, potentially causing a denial of service or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using the SMB2 protocol in the Linux kernel. When the SMB2 compound operation is executed, the incorrect indexing in the response handling can be observed, leading to improper command result processing and out-of-bounds memory access.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 15, 2025, 8:48 AM
Updated: Oct 15, 2025, 8:48 AM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.4
remediation
7.7
relevance
0.7
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.