CVE-2025-21660: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
First published: Tue Jan 21 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the filename for creation.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-21660?
CVE-2025-21660 is classified as a medium severity vulnerability affecting the Linux kernel.
How do I fix CVE-2025-21660?
To fix CVE-2025-21660, update your Linux kernel to the latest version that contains the security patch.
What systems are affected by CVE-2025-21660?
CVE-2025-21660 affects systems running specific versions of the Linux kernel that utilize the ksmbd service.
Is CVE-2025-21660 a remote exploit?
CVE-2025-21660 can potentially be exploited remotely if proper security measures are not in place.
What does CVE-2025-21660 impact in the Linux kernel?
CVE-2025-21660 impacts the path buffer management within the ksmbd_vfs_kern_path_locked function in the Linux kernel.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel