CVE-2025-21963

Sažetak

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reference

https://git.kernel.org/stable/c/0c26edf477e093cefc41637f5bccc102e1a77399
https://git.kernel.org/stable/c/2809a79bc64964ce02e0c5f2d6bd39b9d09bdb3c
https://git.kernel.org/stable/c/39d086bb3558da9640ef335f97453e01d32578a1
https://git.kernel.org/stable/c/5b29891f91dfb8758baf1e2217bef4b16b2b165b
https://git.kernel.org/stable/c/6124cbf73e3dea7591857dd63b8ccece28952afd
https://git.kernel.org/stable/c/9e438d0410a4002d24f420f2c28897ba2dc0af64

CVSS

Base:	5.5
Impact:	3.6
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

14-04-2025 - 12:41

Objavljeno

01-04-2025 - 16:15