DEBIAN-CVE-2025-21660

DEBIAN-CVE-2025-21660 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the filename for creation.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	linux	6.1.76-1~bpo11+1, 6.1.76-1, 6.1.76-1
Debian:11	linux-6.1	6.1.112-1, 6.1.119-1, 6.1.106-3~deb11u2
Debian:14	linux	0, 0
Debian:13	linux	0, 0

Timeline

Jan 21, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-21660 advisory

Open in Interactive Console →