CVE-2025-68806

Jan. 14, 2026, 4:26 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name. This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where the null terminator is expected to be present in the buffer, ensuring the validation accurately reflects the total required buffer size.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4
https://git.kernel.org/stable/c/95d7a890e4b03e198836d49d699408fd1867cb55
https://git.kernel.org/stable/c/a28a375a5439eb474e9f284509a407efb479c925
https://git.kernel.org/stable/c/cae52c592a07e1d3fa3338a5f064a374a5f26750
https://git.kernel.org/stable/c/d26af6d14da43ab92d07bc60437c62901dc522e6

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-01-13
CVE-2025-68806

Timeline

Published: Jan. 13, 2026, 4:16 p.m.
Last Modified: Jan. 14, 2026, 4:26 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.