CVE-2025-37775
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix the warning from __kernel_write_iter
[ 2110.972290] ------------[ cut here ]------------
[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280
This patch doesn't allow writing to directory.
Analysis
A denial of service vulnerability exists in the Linux kernel's ksmbd (SMB server) subsystem: an attempt to write to a directory object reaches the __kernel_write_iter function, which then issues a kernel warning. The vulnerability affects Linux kernel versions including 6.15-rc1 and 6.15-rc2, and potentially earlier versions, across multiple distributions including Debian 11.0. A local attacker with low privileges can trigger this condition to cause a denial of service, though the EPSS score of 0.06% (19th percentile) and the availability of vendor patches indicate that this is a low-priority exploitation risk in practice.
Technical Context
The vulnerability resides in the ksmbd kernel subsystem, which implements an SMB (Server Message Block) file-sharing server for Linux. The root cause is missing validation on the write path that ends in the __kernel_write_iter function (fs/read_write.c:599): write operations that target directory inodes rather than regular files are not rejected. It is classified as a logic error in which directory write attempts trigger kernel warnings and a potential denial of service. This affects the Linux kernel SMB implementation (cpe:2.3:o:linux:linux_kernel:*) across multiple versions, with specific confirmation for the 6.15-rc1 and 6.15-rc2 branches. The CWE classification was not provided, but the root cause appears to be improper input validation (CWE-20 class) in the file I/O subsystem.
Affected Products
The Linux kernel is the primary affected product, with confirmed vulnerable versions including 6.15-rc1 and 6.15-rc2, though earlier stable releases likely contain the vulnerability. The CPE cpe:2.3:o:linux:linux_kernel indicates broad Linux kernel family impact. Debian Linux 11.0 (Bullseye) is explicitly affected as indicated by CPE cpe:2.3:o:debian:debian_linux:11.0. Distributions shipping vulnerable kernel versions including Red Hat Enterprise Linux, Ubuntu, and other enterprise Linux distributions are transitively affected. Patches have been applied to the stable kernel tree as evidenced by multiple commit references (1ed343481ba6, 2a879da5c34a1, 44079e544c9f, b37f2f332b40, b7ce8db49028).
Remediation
Apply kernel security updates from your Linux distribution as soon as patches are available through normal update channels. For Debian 11.0 systems, ensure linux-image packages are updated to include commit 1ed343481ba6911178bc5ca7a51be319eafcc747 or later from the stable tree (details available via https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html). Kernel patches are available from the upstream stable kernel repository as referenced in the NVD links. Until patching is possible, restrict SMB share access (ksmbd) to trusted networks using firewall rules, and disable SMB if it is not required. For systems requiring immediate mitigation, disabling the ksmbd kernel module via a modprobe blacklist will prevent exploitation, though this eliminates SMB functionality. Test patches in non-production environments before production deployment.
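One way to audit the module mitigation described above (an added example, not part of the original advisory; the function names, the `--demo`/`--host` switches and the sample files are assumptions of the example). It goes slightly beyond the text by separating a `blacklist` line from an `install` override, because `blacklist` only suppresses alias-based autoloading and does not unload a module that is already loaded.

```shell
#!/bin/sh
# Added example: audit the ksmbd module mitigation. File locations are
# parameters so the checks also run against the constructed samples below.

# Succeeds if the given /proc/modules-format file lists ksmbd as loaded.
ksmbd_loaded() {
    awk '$1 == "ksmbd" { hit = 1 } END { exit !hit }' "${1:-/proc/modules}"
}

# Prints how the *.conf files in the given modprobe.d directories treat ksmbd:
#   install-blocked  "install ksmbd /bin/false" (or /bin/true): modprobe will not load it
#   blacklist-only   "blacklist ksmbd": autoload is off, "modprobe ksmbd" still works
#   none             no restriction configured
ksmbd_block_state() {
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            if [ -f "$f" ]; then cat "$f"; fi
        done
    done | awk '
        /^[ \t]*#/ { next }
        $1 == "install" && $2 == "ksmbd" && $3 ~ /^\/(usr\/)?s?bin\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && $2 == "ksmbd" { bl = 1 }
        END { print (inst ? "install-blocked" : (bl ? "blacklist-only" : "none")) }'
}

# One-line verdict combining both checks.
ksmbd_status() {
    modules=$1; shift
    if ksmbd_loaded "$modules"; then echo "loaded ($(ksmbd_block_state "$@"))"
    else echo "not-loaded ($(ksmbd_block_state "$@"))"; fi
}

# Constructed sample input: a host with ksmbd loaded and only a blacklist line.
write_samples() {
    mkdir -p "$1/modprobe.d"
    printf '%s\n' 'nls_utf8 16384 1 - Live 0x0' 'ksmbd 471040 0 - Live 0x0' > "$1/modules"
    printf '%s\n' '# constructed sample' 'blacklist ksmbd' > "$1/modprobe.d/ksmbd.conf"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d); write_samples "$tmp"
    ksmbd_status "$tmp/modules" "$tmp/modprobe.d"   # loaded (blacklist-only)
    rm -rf "$tmp"
elif [ "${1:-}" = "--host" ]; then
    ksmbd_status /proc/modules /etc/modprobe.d /usr/lib/modprobe.d /run/modprobe.d
fi
```

A result of `loaded (blacklist-only)` means the blacklist has not taken effect on the running system: the module has to be unloaded (or the host rebooted) before the mitigation applies.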