CVE-2025-21963

MEDIUM

Linux Kernel 5.12-6.13.8 - Integer Overflow in CIFS acdirmax Mount Option

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References (7)

Core 7

Scores

CVSS v3 5.5
EPSS 0.0016
EPSS Percentile 5.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-190
Status published
Products (21)
linux/Kernel 5.12.0 - 5.15.180linux
linux/Kernel 5.16.0 - 6.1.132linux
linux/Kernel 6.13.0 - 6.13.8linux
linux/Kernel 6.2.0 - 6.6.84linux
linux/Kernel 6.7.0 - 6.12.20linux
Linux/Linux < 5.12
Linux/Linux 4c9f948142a550af416a2bfb5e56d29ce29e92cf - 0c26edf477e093cefc41637f5bccc102e1a77399
Linux/Linux 4c9f948142a550af416a2bfb5e56d29ce29e92cf - 2809a79bc64964ce02e0c5f2d6bd39b9d09bdb3c
Linux/Linux 4c9f948142a550af416a2bfb5e56d29ce29e92cf - 39d086bb3558da9640ef335f97453e01d32578a1
Linux/Linux 4c9f948142a550af416a2bfb5e56d29ce29e92cf - 5b29891f91dfb8758baf1e2217bef4b16b2b165b
... and 11 more
Published Apr 01, 2025
Tracked Since Feb 18, 2026