CVE-2025-68806

2026-01-13 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 16:16 nvd
N/A

Tags

Linux Linux Kernel

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name. This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where the null terminator is expected to be present in the buffer, ensuring the validation accurately reflects the total required buffer size.

Analysis

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix buffer validation by including null terminator size in EA length

The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name.

Technical Context

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix buffer validation by including null terminator size in EA length

The smb2_set_ea function, which handles Extended Attributes (EA),

was performing buffer validation checks that incorrectly omitted the size

of the null terminating character (+1 byte) for EA Name.

This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where

the null terminator is expected to be present in the buffer, ensuring

the validat

Affected Products

Component: EA length The smb2_set_ea.

Remediation

Monitor vendor advisories for a patch.

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2025-68806 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy