CVE-2025-21725

It isn't guaranteed that NETWORKINTERFACEINFO::LinkSpeed will always be set by the server, so the client must handle any values and then prevent oopses like below from happening:

Oops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:cifsdebugdataprocshow+0xa45/0x1460 [cifs] Code: 00 00 48 89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8 e7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 <48> f7 74 24 18 48 89 c3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24 RSP: 0018:ffffc90001817be0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99 RDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228 RBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac R10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200 R13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58 FS: 00007fe27119e740(0000) GS:ffff888148600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? _diebody.cold+0x19/0x27 ? die+0x2e/0x50 ? dotrap+0x159/0x1b0 ? cifsdebugdataprocshow+0xa45/0x1460 [cifs] ? doerrortrap+0x90/0x130 ? cifsdebugdataprocshow+0xa45/0x1460 [cifs] ? excdivideerror+0x39/0x50 ? cifsdebugdataprocshow+0xa45/0x1460 [cifs] ? asmexcdivideerror+0x1a/0x20 ? cifsdebugdataprocshow+0xa39/0x1460 [cifs] ? cifsdebugdataprocshow+0xa45/0x1460 [cifs] ? seqreaditer+0x42e/0x790 seqreaditer+0x19a/0x790 procregreaditer+0xbe/0x110 ? _pfxprocregreaditer+0x10/0x10 vfsread+0x469/0x570 ? douseraddrfault+0x398/0x760 ? _pfxvfsread+0x10/0x10 ? findheldlock+0x8a/0xa0 ? _pfxlockrelease+0x10/0x10 ksysread+0xd3/0x170 ? _pfxksysread+0x10/0x10 ? _rcureadunlock+0x50/0x270 ? markheldlocks+0x1a/0x90 dosyscall64+0xbb/0x1d0 entrySYSCALL64afterhwframe+0x77/0x7f RIP: 0033:0x7fe271288911 Code: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec RSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIGRAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911 RDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003 RBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380 R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000 R13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000 </TASK>

Fix this by setting cifsserveriface::speed to a sane value (1Gbps) by default when link speed is unset.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

548893404c44fc01a59f17727876e02553146fe6

Fixed

208e102a2fca44e40a6c3f7b9e2609cfd17a15aa

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1cd8c353708de99d8bfa7db8a0c961a800b1fa7f

Fixed

3f901c35e1a1b3ed1b528a17ffdb941aa0294458

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a6d8fb54a515f0546ffdb7870102b1238917e567

Fixed

699179dfc8d7da457b152ca5d18ae45f9ed9beaa

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a6d8fb54a515f0546ffdb7870102b1238917e567

Fixed

ad3b49fbdb156aa8ee2026ba590642c9b5a410f2

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a6d8fb54a515f0546ffdb7870102b1238917e567

Fixed

be7a6a77669588bfa5022a470989702bbbb11e7f

Affected versions

v6.*

v6.1.100

v6.1.101

v6.1.102

v6.1.103

v6.1.104

v6.1.105

v6.1.106

v6.1.107

v6.1.108

v6.1.109

v6.1.110

v6.1.111

v6.1.112

v6.1.113

v6.1.114

v6.1.115

v6.1.116

v6.1.117

v6.1.118

v6.1.119

v6.1.120

v6.1.121

v6.1.122

v6.1.123

v6.1.124

v6.1.125

v6.1.126

v6.1.127

v6.1.128

v6.1.65

v6.1.66

v6.1.67

v6.1.68

v6.1.69

v6.1.70

v6.1.71

v6.1.72

v6.1.73

v6.1.74

v6.1.75

v6.1.76

v6.1.77

v6.1.78

v6.1.79

v6.1.80

v6.1.81

v6.1.82

v6.1.83

v6.1.84

v6.1.85

v6.1.86

v6.1.87

v6.1.88

v6.1.89

v6.1.90

v6.1.91

v6.1.92

v6.1.93

v6.1.94

v6.1.95

v6.1.96

v6.1.97

v6.1.98

v6.1.99

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.2

v6.12.3

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.13.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "22207477995053245411969605936438918136",
                "245331254452987913233983238803617875118",
                "333766863461538615022564882330823500578",
                "64090182289859940800609209969573890928"
            ]
        },
        "id": "CVE-2025-21725-01517e4a",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@208e102a2fca44e40a6c3f7b9e2609cfd17a15aa",
        "target": {
            "file": "fs/smb/client/smb2ops.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 3879.0,
            "function_hash": "281657013203577418580655749128705962510"
        },
        "id": "CVE-2025-21725-1c6f001b",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@699179dfc8d7da457b152ca5d18ae45f9ed9beaa",
        "target": {
            "file": "fs/smb/client/smb2ops.c",
            "function": "parse_server_interfaces"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 3879.0,
            "function_hash": "281657013203577418580655749128705962510"
        },
        "id": "CVE-2025-21725-2ac32f3f",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ad3b49fbdb156aa8ee2026ba590642c9b5a410f2",
        "target": {
            "file": "fs/smb/client/smb2ops.c",
            "function": "parse_server_interfaces"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 3879.0,
            "function_hash": "281657013203577418580655749128705962510"
        },
        "id": "CVE-2025-21725-4c55b9fa",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be7a6a77669588bfa5022a470989702bbbb11e7f",
        "target": {
            "file": "fs/smb/client/smb2ops.c",
            "function": "parse_server_interfaces"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "22207477995053245411969605936438918136",
                "245331254452987913233983238803617875118",
                "333766863461538615022564882330823500578",
                "64090182289859940800609209969573890928"
            ]
        },
        "id": "CVE-2025-21725-72fd4bff",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ad3b49fbdb156aa8ee2026ba590642c9b5a410f2",
        "target": {
            "file": "fs/smb/client/smb2ops.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "22207477995053245411969605936438918136",
                "245331254452987913233983238803617875118",
                "333766863461538615022564882330823500578",
                "64090182289859940800609209969573890928"
            ]
        },
        "id": "CVE-2025-21725-7e3ec05b",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f901c35e1a1b3ed1b528a17ffdb941aa0294458",
        "target": {
            "file": "fs/smb/client/smb2ops.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 3879.0,
            "function_hash": "281657013203577418580655749128705962510"
        },
        "id": "CVE-2025-21725-cb34f49c",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f901c35e1a1b3ed1b528a17ffdb941aa0294458",
        "target": {
            "file": "fs/smb/client/smb2ops.c",
            "function": "parse_server_interfaces"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "22207477995053245411969605936438918136",
                "245331254452987913233983238803617875118",
                "333766863461538615022564882330823500578",
                "64090182289859940800609209969573890928"
            ]
        },
        "id": "CVE-2025-21725-db660f4b",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be7a6a77669588bfa5022a470989702bbbb11e7f",
        "target": {
            "file": "fs/smb/client/smb2ops.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "22207477995053245411969605936438918136",
                "245331254452987913233983238803617875118",
                "333766863461538615022564882330823500578",
                "64090182289859940800609209969573890928"
            ]
        },
        "id": "CVE-2025-21725-f215ad19",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@699179dfc8d7da457b152ca5d18ae45f9ed9beaa",
        "target": {
            "file": "fs/smb/client/smb2ops.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 3917.0,
            "function_hash": "3602893045141087850114645812027083906"
        },
        "id": "CVE-2025-21725-f8a2f43c",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@208e102a2fca44e40a6c3f7b9e2609cfd17a15aa",
        "target": {
            "file": "fs/smb/client/smb2ops.c",
            "function": "parse_server_interfaces"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.129

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.76

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.13

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.13.2