SB2025090464 - Out-of-bounds read in Linux kernel smb client
Published: September 4, 2025
Security Bulletin ID
SB2025090464
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-38728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sizeof() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/7d34ec36abb84fdfb6632a0f2cbda90379ae21fc
- https://git.kernel.org/stable/c/8de33d4d72e8fae3502ec3850bd7b14e7c7328b6
- https://git.kernel.org/stable/c/9bdb8e98a0073c73ab3e6c631ec78877ceb64565
- https://git.kernel.org/stable/c/a0620e1525663edd8c4594f49fb75fe5be4724b0
- https://git.kernel.org/stable/c/a542f93a123555d09c3ce8bc947f7b56ad8e6463
- https://git.kernel.org/stable/c/f6eda5b0e8f8123564c5b34f5801d63243032eac