Null Pointer Dereference in Linux Kernel SMB Client
CVE-2025-21844

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 March 2025

Summary

A vulnerability has been identified in the Linux kernel's SMB client that could lead to a null pointer dereference. The issue arises in the 'receive_encrypted_standard()' function where there is a lack of checks for the return values from 'cifs_buf_get()' and 'cifs_small_buf_get()'. This oversight could allow an attacker to exploit the vulnerability, resulting in potential crashes or undefined behavior in the affected systems. Resolving this flaw involves adding necessary checks to ensure robust handling of buffer retrieval processes.

Affected Version(s)

Linux b03c8099a738a04d2343547ae6a04e5f0f63d3fa

Linux 858e73ff25639a0cc1f6f8d2587b62c045867e41

Linux 9f528a8e68327117837b5e28b096f52af4c26a05 < 24e8e4523d3071bc5143b0db9127d511489f7b3b

References

https://git.kernel.org/stable/c/f277e479eea3d1aa18bc712ab...

https://git.kernel.org/stable/c/f618aeb6cad2307e48a641379...

https://git.kernel.org/stable/c/24e8e4523d3071bc5143b0db9...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Dec 29, 2024