CVE-2025-68806: Linux vulnerability

14 documents, 7 sources
Severity: 6.4 MEDIUM (no vector)
EPSS: 0.0% (top 88.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 13; latest update Apr 17

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix buffer validation by including null terminator size in EA length

The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name. This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where the null terminator is expected to be present in the buffer, ensuring the validat

Affected Packages (15 packages)

Linux: linux/linux_kernel 6.2.0 6.6.120 (+3)
Debian: linux/linux_kernel < 6.1.162-1 (+2)
CVEListV5: linux/linux d070c4dd2a5bed4e9832eec5b6c029c7d14892ea cae52c592a07e1d3fa3338a5f064a374a5f26750 (+8)
debian: debian/linux < linux 6.1.162-1 (bookworm)
debian: debian/linux-6.1 < linux 6.1.162-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-4wfq-6xp5-vp47: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The (2026-01-13)
OSV: ksmbd: fix buffer validation by including null terminator size in EA length (2026-01-13)
OSV: CVE-2025-68806: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The sm (2026-01-13)

📋 Vendor Advisories (9)

Ubuntu: Linux kernel (GCP) vulnerabilities (2026-04-17)
Ubuntu: Linux kernel (FIPS) vulnerabilities (2026-04-17)
Ubuntu: Linux kernel (Real-time) vulnerabilities (2026-04-17)
Ubuntu: Linux kernel (Real-time) vulnerabilities (2026-04-17)
Ubuntu: Linux kernel (NVIDIA) vulnerabilities (2026-04-17)

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-68806 Impact, Exploitability, and Mitigation Steps | Wiz