CVE-2025-21725

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21725
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21725.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-21725
Downstream
Related
Published
2025-02-27T02:07:32Z
Modified
2025-10-15T22:33:38.831773Z
Summary
smb: client: fix oops due to unset link speed
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix oops due to unset link speed

It isn't guaranteed that NETWORKINTERFACEINFO::LinkSpeed will always be set by the server, so the client must handle any values and then prevent oopses like below from happening:

Oops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:cifsdebugdataprocshow+0xa45/0x1460 [cifs] Code: 00 00 48 89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8 e7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 <48> f7 74 24 18 48 89 c3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24 RSP: 0018:ffffc90001817be0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99 RDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228 RBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac R10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200 R13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58 FS: 00007fe27119e740(0000) GS:ffff888148600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? _diebody.cold+0x19/0x27 ? die+0x2e/0x50 ? dotrap+0x159/0x1b0 ? cifsdebugdataprocshow+0xa45/0x1460 [cifs] ? doerrortrap+0x90/0x130 ? cifsdebugdataprocshow+0xa45/0x1460 [cifs] ? excdivideerror+0x39/0x50 ? cifsdebugdataprocshow+0xa45/0x1460 [cifs] ? asmexcdivideerror+0x1a/0x20 ? cifsdebugdataprocshow+0xa39/0x1460 [cifs] ? cifsdebugdataprocshow+0xa45/0x1460 [cifs] ? seqreaditer+0x42e/0x790 seqreaditer+0x19a/0x790 procregreaditer+0xbe/0x110 ? _pfxprocregreaditer+0x10/0x10 vfsread+0x469/0x570 ? douseraddrfault+0x398/0x760 ? _pfxvfsread+0x10/0x10 ? findheldlock+0x8a/0xa0 ? _pfxlockrelease+0x10/0x10 ksysread+0xd3/0x170 ? _pfxksysread+0x10/0x10 ? _rcureadunlock+0x50/0x270 ? markheldlocks+0x1a/0x90 dosyscall64+0xbb/0x1d0 entrySYSCALL64afterhwframe+0x77/0x7f RIP: 0033:0x7fe271288911 Code: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec RSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIGRAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911 RDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003 RBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380 R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000 R13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000 </TASK>

Fix this by setting cifsserveriface::speed to a sane value (1Gbps) by default when link speed is unset.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
548893404c44fc01a59f17727876e02553146fe6
Fixed
208e102a2fca44e40a6c3f7b9e2609cfd17a15aa
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1cd8c353708de99d8bfa7db8a0c961a800b1fa7f
Fixed
3f901c35e1a1b3ed1b528a17ffdb941aa0294458
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a6d8fb54a515f0546ffdb7870102b1238917e567
Fixed
699179dfc8d7da457b152ca5d18ae45f9ed9beaa
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a6d8fb54a515f0546ffdb7870102b1238917e567
Fixed
ad3b49fbdb156aa8ee2026ba590642c9b5a410f2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a6d8fb54a515f0546ffdb7870102b1238917e567
Fixed
be7a6a77669588bfa5022a470989702bbbb11e7f

Affected versions

v6.*

v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.110
v6.1.111
v6.1.112
v6.1.113
v6.1.114
v6.1.115
v6.1.116
v6.1.117
v6.1.118
v6.1.119
v6.1.120
v6.1.121
v6.1.122
v6.1.123
v6.1.124
v6.1.125
v6.1.126
v6.1.127
v6.1.128
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.129
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.76
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.13
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.13.2