VDB
DEBIAN-CVE-2025-68806
DEBIAN-CVE-2025-68806
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name. This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where the null terminator is expected to be present in the buffer, ensuring the validation accurately reflects the total required buffer size.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, 6.12.38-1, 6.12.48-1 |
| Debian:11 | linux-6.1 | 0, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2 |
| Debian:12 | linux | 6.1.119-1, 6.1.123-1, 6.1.124-1 |
| Debian:14 | linux | *, 0, 6.12.38-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Jan 13, 2026 CVE Published
- Apr 28, 2026 CVE Updated