๐Ÿ” CVE Alert

CVE-2025-37947

HIGH 7.8

ksmbd: prevent out-of-bounds stream writes by validating *pos

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published May 20, 2025
Last Updated Feb 26, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
0626e6641f6b467447c81dd7678a69c66f7746cf < 7f61da79df86fd140c7768e668ad846bfa7ec8e1 0626e6641f6b467447c81dd7678a69c66f7746cf < 04c8a38c60346bb5a7c49b276de7233f703ce9cb 0626e6641f6b467447c81dd7678a69c66f7746cf < d62ba16563a86aae052f96d270b3b6f78fca154c 0626e6641f6b467447c81dd7678a69c66f7746cf < e6356499fd216ed6343ae0363f4c9303f02c5034 0626e6641f6b467447c81dd7678a69c66f7746cf < 0ca6df4f40cf4c32487944aaf48319cb6c25accc
Linux / Linux
5.15

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/7f61da79df86fd140c7768e668ad846bfa7ec8e1 git.kernel.org: https://git.kernel.org/stable/c/04c8a38c60346bb5a7c49b276de7233f703ce9cb git.kernel.org: https://git.kernel.org/stable/c/d62ba16563a86aae052f96d270b3b6f78fca154c git.kernel.org: https://git.kernel.org/stable/c/e6356499fd216ed6343ae0363f4c9303f02c5034 git.kernel.org: https://git.kernel.org/stable/c/0ca6df4f40cf4c32487944aaf48319cb6c25accc github.com: https://github.com/doyensec/KSMBD-CVE-2025-37947/blob/main/CVE-2025-37947.c lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html