CVE-2025-21962

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix integer overflow while processing closetimeo mount option

User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
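
The convert-then-validate ordering described above, next to the validate-then-convert ordering, as an added example that is not the kernel's code or part of the original record. The function names, the HZ value and the jiffies limit are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; neither is taken from the record. */
#define HZ 1000u                           /* jiffies per second (assumed) */
#define MAX_CLOSETIMEO_JIFFIES (1u << 30)  /* hypothetical upper limit */

/* Before: convert first, validate afterwards. The u32 multiplication wraps
 * modulo 2^32, so a very large value in seconds can land below the limit. */
static bool parse_closetimeo_unsafe(uint32_t secs, uint32_t *jiffies_out)
{
    uint32_t j = HZ * secs;                /* may wrap */
    if (j > MAX_CLOSETIMEO_JIFFIES)
        return false;
    *jiffies_out = j;
    return true;
}

/* After: validate in the input unit (seconds) against limit / HZ, then
 * convert. The multiplication can no longer exceed the limit or wrap. */
static bool parse_closetimeo_checked(uint32_t secs, uint32_t *jiffies_out)
{
    if (secs > MAX_CLOSETIMEO_JIFFIES / HZ)
        return false;
    *jiffies_out = HZ * secs;
    return true;
}

int main(void)
{
    /* Constructed inputs: a normal value, the boundary, and a wrapping one. */
    const uint32_t samples[] = { 5u, 1073741u, 1073742u, 4294968u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t a = 0, b = 0;
        bool ua = parse_closetimeo_unsafe(samples[i], &a);
        bool ck = parse_closetimeo_checked(samples[i], &b);
        printf("secs=%u unsafe=%s(%u) checked=%s(%u)\n", (unsigned)samples[i],
               ua ? "accept" : "reject", (unsigned)a,
               ck ? "accept" : "reject", (unsigned)b);
    }
    return 0;
}
```

With these assumed constants, 4294968 seconds wraps to 704 jiffies and passes the late check, while the early check rejects it.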
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*

History

14 Apr 2025, 12:44

Type: First Time
  Values Added: Linux linux Kernel; Linux

Type: References (each entry changed from "() URL -" to "() URL - Patch")
  https://git.kernel.org/stable/c/1c46673be93dd2954f44fe370fb4f2b8e6214224
  https://git.kernel.org/stable/c/513f6cf2e906a504b7ab0b62b2eea993a6f64558
  https://git.kernel.org/stable/c/6c13fcb7cf59ae65940da1dfea80144e42921e53
  https://git.kernel.org/stable/c/9968fcf02cf6b0f78fbacf3f63e782162603855a
  https://git.kernel.org/stable/c/b24edd5c191c2689c59d0509f0903f9487eb6317
  https://git.kernel.org/stable/c/d5a30fddfe2f2e540f6c43b59cf701809995faef

Type: CVSS
  Values Removed: v2 : unknown, v3 : unknown
  Values Added: v2 : unknown, v3 : 5.5

Type: CWE
  Values Added: CWE-190

Type: CPE
  Values Added:
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*

10 Apr 2025, 13:15

Type Values Removed Values Added
Summary
  • (es) In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing the closetimeo mount option. The user-provided mount parameter closetimeo, of type u32, is intended to have an upper limit, but before it is validated the value is converted from seconds to jiffies, which can lead to an integer overflow. Found by the Linux Verification Center (linuxtesting.org) with SVACE.
References
  • () https://git.kernel.org/stable/c/513f6cf2e906a504b7ab0b62b2eea993a6f64558 -

01 Apr 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-01 16:15

Updated : 2025-10-01 20:18


NVD link : CVE-2025-21962

Mitre link : CVE-2025-21962

CVE.ORG link : CVE-2025-21962



Products Affected

linux

  • linux_kernel
CWE
CWE-190

Integer Overflow or Wraparound