SB2025081867 - Input validation error in Linux kernel ksmbd
Published: August 18, 2025 Updated: August 29, 2025
Security Bulletin ID
SB2025081867
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2023-32249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntlm_authenticate() and smb2_sess_setup() functions in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/088131b7b01099720a528a72005ff17868705d40
- https://git.kernel.org/stable/c/1f0490586544455e5be698be2e6c30077b4ec461
- https://git.kernel.org/stable/c/3353ab2df5f68dab7da8d5ebb427a2d265a1f2b2
- https://git.kernel.org/stable/c/4a98e859c4673013385a54084e0cd865695ca072
- https://git.kernel.org/stable/c/ed76d3a8910be06cd4e4ba63bf6075bf903945a1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.112