CVE-2025-21964

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0252c33cc943e9e48ddfafaa6b1eb72adb68a099	Patch
https://git.kernel.org/stable/c/5f500874ab9b3cc8c169c2ab49f00b838520b9c5	Patch
https://git.kernel.org/stable/c/7489161b1852390b4413d57f2457cd40b34da6cc	Patch
https://git.kernel.org/stable/c/833f2903eb8b70faca7967319e580e9ce69729fc	Patch
https://git.kernel.org/stable/c/a13351624a6af8d91398860b8c9d4cf6c8e63de5	Patch
https://git.kernel.org/stable/c/dd190168e60ac15408f074a1fe0ce36aff34027b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc6::::::

History

14 Apr 2025, 12:40

Type	Values Removed	Values Added
CWE		CWE-190
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/0252c33cc943e9e48ddfafaa6b1eb72adb68a099 -~~	() https://git.kernel.org/stable/c/0252c33cc943e9e48ddfafaa6b1eb72adb68a099 - Patch
References	~~() https://git.kernel.org/stable/c/5f500874ab9b3cc8c169c2ab49f00b838520b9c5 -~~	() https://git.kernel.org/stable/c/5f500874ab9b3cc8c169c2ab49f00b838520b9c5 - Patch
References	~~() https://git.kernel.org/stable/c/7489161b1852390b4413d57f2457cd40b34da6cc -~~	() https://git.kernel.org/stable/c/7489161b1852390b4413d57f2457cd40b34da6cc - Patch
References	~~() https://git.kernel.org/stable/c/833f2903eb8b70faca7967319e580e9ce69729fc -~~	() https://git.kernel.org/stable/c/833f2903eb8b70faca7967319e580e9ce69729fc - Patch
References	~~() https://git.kernel.org/stable/c/a13351624a6af8d91398860b8c9d4cf6c8e63de5 -~~	() https://git.kernel.org/stable/c/a13351624a6af8d91398860b8c9d4cf6c8e63de5 - Patch
References	~~() https://git.kernel.org/stable/c/dd190168e60ac15408f074a1fe0ce36aff34027b -~~	() https://git.kernel.org/stable/c/dd190168e60ac15408f074a1fe0ce36aff34027b - Patch

10 Apr 2025, 13:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/a13351624a6af8d91398860b8c9d4cf6c8e63de5 -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: Se corrige un desbordamiento de enteros al procesar la opción de montaje acregmax. El parámetro de montaje acregmax, proporcionado por el usuario y de tipo u32, está diseñado para tener un límite superior, pero antes de su validación, el valor se convierte de segundos a jiffies, lo que puede provocar un desbordamiento de enteros. Encontrado por el Centro de Verificación de Linux (linuxtesting.org) con SVACE.

01 Apr 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 16:15

Updated : 2025-04-14 12:40

NVD link : CVE-2025-21964

Mitre link : CVE-2025-21964

CVE.ORG link : CVE-2025-21964

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-190

Integer Overflow or Wraparound

5.5 /10