CVE-2025-21963

Source: https://nvd.nist.gov/vuln/detail/CVE-2025-21963
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21963.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2025-21963
Published: 2025-04-01T15:46:59.773Z
Modified: 2025-11-28T02:33:56.701544Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
cifs: Fix integer overflow while processing acdirmax mount option
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix integer overflow while processing acdirmax mount option

User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies, which can lead to an integer overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
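
The ordering problem described above, shown as an added example that is not the kernel's code or the upstream patch: one function converts seconds to jiffies and then checks the limit, the other checks the limit in seconds before converting. The function names, the HZ value of 1000 and the 2^30-jiffy limit are assumptions chosen for illustration; the page states none of them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration only; the advisory gives neither. */
#define HZ_ASSUMED        1000u        /* jiffies per second */
#define MAX_JIFFIES_LIMIT (1u << 30)   /* hypothetical upper limit, in jiffies */

/* Pattern from the advisory: convert first, validate afterwards.
 * The u32 product wraps modulo 2^32, so the check sees the wrapped value. */
bool accept_convert_then_check(uint32_t seconds, uint32_t *jiffies_out)
{
    uint32_t j = HZ_ASSUMED * seconds;  /* may wrap */
    if (j > MAX_JIFFIES_LIMIT)
        return false;
    *jiffies_out = j;
    return true;
}

/* Hardened ordering: validate in the input unit, then convert.
 * Any accepted value satisfies seconds * HZ <= limit, so no wrap occurs. */
bool accept_check_then_convert(uint32_t seconds, uint32_t *jiffies_out)
{
    if (seconds > MAX_JIFFIES_LIMIT / HZ_ASSUMED)
        return false;
    *jiffies_out = HZ_ASSUMED * seconds;
    return true;
}

int main(void)
{
    /* Constructed inputs: in range, largest valid, first invalid,
     * a value whose product wraps to a small number, and UINT32_MAX. */
    const uint32_t samples[] = { 60u, 1073741u, 1073742u, 4294968u, UINT32_MAX };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t a = 0, b = 0;
        bool ok_a = accept_convert_then_check(samples[i], &a);
        bool ok_b = accept_check_then_convert(samples[i], &b);
        printf("%10u s  convert-then-check: %s (%u)  check-then-convert: %s (%u)\n",
               samples[i], ok_a ? "accept" : "reject", a,
               ok_b ? "accept" : "reject", b);
    }
    return 0;
}
```

With these assumed constants, 4294968 seconds passes the first function because the product wraps to 704 jiffies, while UINT32_MAX happens to be rejected by both, so testing only the extreme value would not reveal the flaw.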

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21963.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
  • Introduced: 4c9f948142a550af416a2bfb5e56d29ce29e92cf
  • Fixed: 0c26edf477e093cefc41637f5bccc102e1a77399
  • Fixed: 39d086bb3558da9640ef335f97453e01d32578a1
  • Fixed: 9e438d0410a4002d24f420f2c28897ba2dc0af64
  • Fixed: 2809a79bc64964ce02e0c5f2d6bd39b9d09bdb3c
  • Fixed: 6124cbf73e3dea7591857dd63b8ccece28952afd
  • Fixed: 5b29891f91dfb8758baf1e2217bef4b16b2b165b

Linux / Kernel

Package
Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events
  • Introduced: 5.12.0, Fixed: 5.15.180
  • Introduced: 5.16.0, Fixed: 6.1.132
  • Introduced: 6.2.0, Fixed: 6.6.84
  • Introduced: 6.7.0, Fixed: 6.12.20
  • Introduced: 6.13.0, Fixed: 6.13.8