VDB

DEBIAN-CVE-2025-68806

DEBIAN-CVE-2025-68806 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name. This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where the null terminator is expected to be present in the buffer, ensuring the validation accurately reflects the total required buffer size.

Affected Products

VendorProductVersions
Debian:13linux0, 6.12.38-1, 6.12.48-1
Debian:11linux-6.10, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2
Debian:12linux6.1.119-1, 6.1.123-1, 6.1.124-1
Debian:14linux*, 0, 6.12.38-1

Exploit Intelligence

Timeline

  • Jan 13, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›