cve/2025/CVE-2025-21947.md
2025-09-29 21:09:30 +02:00

CVE-2025-21947

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix type confusion via race condition when using ipc_msg_send_request

req->handle is allocated using ksmbd_acquire_id(&ipc_ida), based on ida_alloc. req->handle from ksmbd_ipc_login_request and FSCTL_PIPE_TRANSCEIVE ioctl can be the same and it could lead to type confusion between messages, resulting in access to unexpected parts of memory after an incorrect delivery. ksmbd checks the type of the ipc response but misses adding a continue to check the next ipc response.

POC

Reference

No PoCs from references.

Github