CVE-2025-21964
cifs: Fix integer overflow while processing acregmax mount option
Vexday Risk Score: 13 (Low)
SSVC decision (CISA): Track
No exploitation signal → monitor
CVSS 5.5 | EPSS 0.2% | KEV no | PoC — | Nuclei — | Metasploit — | Patch —
Lifecycle
01 Apr 2025: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix integer overflow while processing acregmax mount option
User-provided mount parameter acregmax of type u32 is intended to have
an upper limit, but before it is validated, the value is converted from
seconds to jiffies which can lead to an integer overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
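An added example, not the kernel's code: a userspace C model of the convert-then-validate ordering the description refers to, beside a validate-then-convert version. The function names, the HZ value of 1000 and the 2^30-jiffy limit are assumptions made for this model; the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model constants, not taken from the page. */
#define MODEL_HZ          1000u       /* jiffies per second (build-dependent in a real kernel) */
#define MODEL_MAX_JIFFIES (1u << 30)  /* hypothetical upper limit, expressed in jiffies */

/* Before: convert to jiffies first, then validate the converted value.
 * Returns 0 if the option is accepted, -1 if rejected. */
static int parse_acregmax_unsafe(uint32_t seconds, uint32_t *jiffies_out)
{
    uint32_t j = MODEL_HZ * seconds;  /* 32-bit product wraps modulo 2^32 */
    if (j > MODEL_MAX_JIFFIES)
        return -1;
    *jiffies_out = j;
    return 0;
}

/* After: validate the raw seconds against limit / HZ, then convert. */
static int parse_acregmax_checked(uint32_t seconds, uint32_t *jiffies_out)
{
    if (seconds > MODEL_MAX_JIFFIES / MODEL_HZ)
        return -1;
    *jiffies_out = MODEL_HZ * seconds;  /* cannot wrap: seconds <= limit / HZ */
    return 0;
}

int main(void)
{
    /* Constructed inputs: in range, just over the limit, wraps below the
     * limit, and wraps but still lands above the limit. */
    const uint32_t samples[] = { 60u, 1073742u, 4294968u, 4294967295u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t ju = 0, jc = 0;
        int ru = parse_acregmax_unsafe(samples[i], &ju);
        int rc = parse_acregmax_checked(samples[i], &jc);
        printf("seconds=%u unsafe=%s(%u) checked=%s(%u)\n",
               (unsigned)samples[i],
               ru ? "reject" : "accept", (unsigned)ju,
               rc ? "reject" : "accept", (unsigned)jc);
    }
    return 0;
}
```

Only some oversized inputs pass the unsafe check, namely those whose wrapped product happens to land at or below the limit, which is why the bound has to be applied to the seconds value before multiplying.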
Affected products
Linux · Linux
References
https://git.kernel.org/stable/c/0252c33cc943e9e48ddfafaa6b1eb72adb68a099
https://git.kernel.org/stable/c/5f500874ab9b3cc8c169c2ab49f00b838520b9c5
https://git.kernel.org/stable/c/7489161b1852390b4413d57f2457cd40b34da6cc
https://git.kernel.org/stable/c/833f2903eb8b70faca7967319e580e9ce69729fc
https://git.kernel.org/stable/c/a13351624a6af8d91398860b8c9d4cf6c8e63de5
https://git.kernel.org/stable/c/dd190168e60ac15408f074a1fe0ce36aff34027b
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html