CVE-2025-37956

MEDIUM5.5

ksmbd: prevent rename with empty string

Published May 20, 2025

Modified 10 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: prevent rename with empty string

Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc. This patch return the error when attempting to rename a file or directory with an empty new name string.

References

WEB

https://git.kernel.org/stable/c/53e3e5babc0963a92d856a5ec0ce92c59f54bc12

WEB

https://git.kernel.org/stable/c/6ee551672c8cf36108b0cfba92ec0c7c28ac3439

WEB

https://git.kernel.org/stable/c/c57301e332cc413fe0a7294a90725f4e21e9549d

WEB

https://git.kernel.org/stable/c/d7f2c00acb1ef64304fd40ac507e9213ff1d9b5c

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-37956

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMay 20, 2025

ModifiedMay 26, 2025