CVE-2025-68806

EUVD-2026-2305

13.01.2026, 16:16

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix buffer validation by including null terminator size in EA length

The smb2_set_ea function, which handles Extended Attributes (EA),
was performing buffer validation checks that incorrectly omitted the size
of the null terminating character (+1 byte) for EA Name.
This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where
the null terminator is expected to be present in the buffer, ensuring
the validation accurately reflects the total required buffer size.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.162-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.249-1 fixed
forky	6.18.12-1 fixed
sid	6.18.14-1 fixed
trixie	vulnerable
trixie (security)	6.12.73-1 fixed

linux-6.1

bullseye (security)

6.1.162-1~deb11u1

fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-01-13T23:00:00+00:00

References

https://git.kernel.org/stable/c/6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4

https://git.kernel.org/stable/c/95d7a890e4b03e198836d49d699408fd1867cb55

https://git.kernel.org/stable/c/a28a375a5439eb474e9f284509a407efb479c925

https://git.kernel.org/stable/c/cae52c592a07e1d3fa3338a5f064a374a5f26750

https://git.kernel.org/stable/c/d26af6d14da43ab92d07bc60437c62901dc522e6