SB2025052115 - Out-of-bounds read in Linux kernel smb server
Published: May 21, 2025 Updated: November 14, 2025
Security Bulletin ID
SB2025052115
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-37947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ksmbd_vfs_stream_write() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/04c8a38c60346bb5a7c49b276de7233f703ce9cb
- https://git.kernel.org/stable/c/0ca6df4f40cf4c32487944aaf48319cb6c25accc
- https://git.kernel.org/stable/c/7f61da79df86fd140c7768e668ad846bfa7ec8e1
- https://git.kernel.org/stable/c/d62ba16563a86aae052f96d270b3b6f78fca154c
- https://git.kernel.org/stable/c/e6356499fd216ed6343ae0363f4c9303f02c5034