CVE-2025-21963

medium

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

https://git.kernel.org/stable/c/9e438d0410a4002d24f420f2c28897ba2dc0af64

https://git.kernel.org/stable/c/6124cbf73e3dea7591857dd63b8ccece28952afd

https://git.kernel.org/stable/c/5b29891f91dfb8758baf1e2217bef4b16b2b165b

https://git.kernel.org/stable/c/39d086bb3558da9640ef335f97453e01d32578a1

https://git.kernel.org/stable/c/2809a79bc64964ce02e0c5f2d6bd39b9d09bdb3c

https://git.kernel.org/stable/c/0c26edf477e093cefc41637f5bccc102e1a77399

Details

Source: Mitre, NVD

Published: 2025-04-01

Updated: 2025-04-14

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium