Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2025-21725

Description

In the Linux kernel, the following vulnerability has been resolved:smb: client: fix oops due to unset link speedIt isn't guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will alwaysbe set by the server, so the client must handle any values and thenprevent oopses like below from happening:Oops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTICPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc4104/01/2014RIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 4889 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8e7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 <48> f7 74 24 18 48 89c3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24RSP: 0018:ffffc90001817be0 EFLAGS: 00010246RAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99RDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228RBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58acR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200R13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58FS: 00007fe27119e740(0000) GS:ffff888148600000(0000)knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0PKRU: 55555554Call Trace: ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0x159/0x1b0 ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs] ? do_error_trap+0x90/0x130 ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs] ? exc_divide_error+0x39/0x50 ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs] ? asm_exc_divide_error+0x1a/0x20 ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs] ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs] ? seq_read_iter+0x42e/0x790 seq_read_iter+0x19a/0x790 proc_reg_read_iter+0xbe/0x110 ? __pfx_proc_reg_read_iter+0x10/0x10 vfs_read+0x469/0x570 ? do_user_addr_fault+0x398/0x760 ? __pfx_vfs_read+0x10/0x10 ? find_held_lock+0x8a/0xa0 ? __pfx_lock_release+0x10/0x10 ksys_read+0xd3/0x170 ? __pfx_ksys_read+0x10/0x10 ? __rcu_read_unlock+0x50/0x270 ? mark_held_locks+0x1a/0x90 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7fRIP: 0033:0x7fe271288911Code: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e820 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 <48> 3d00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ecRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911RDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003RBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000R13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000 Fix this by setting cifs_server_iface::speed to a sane value (1Gbps)by default when link speed is unset.

POC

Reference

No PoCs from references.

Github

- https://github.com/w4zu/Debian_security