CVE-2025-38179

Source
https://cve.org/CVERecord?id=CVE-2025-38179
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38179.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38179
Downstream
Published
2025-07-04T13:37:07.383Z
Modified
2026-03-20T12:42:43.371718Z
Summary
smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()

This fixes the following problem:

[  749.901015] [   T8673] run fstests cifs/001 at 2025-06-17 09:40:30
[  750.346409] [   T9870] ==================================================================
[  750.346814] [   T9870] BUG: KASAN: slab-out-of-bounds in smb_set_sge+0x2cc/0x3b0 [cifs]
[  750.347330] [   T9870] Write of size 8 at addr ffff888011082890 by task xfs_io/9870
[  750.347705] [   T9870]
[  750.348077] [   T9870] CPU: 0 UID: 0 PID: 9870 Comm: xfs_io Kdump: loaded Not tainted 6.16.0-rc2-metze.02+ #1 PREEMPT(voluntary)
[  750.348082] [   T9870] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  750.348085] [   T9870] Call Trace:
[  750.348086] [   T9870]  <TASK>
[  750.348088] [   T9870]  dump_stack_lvl+0x76/0xa0
[  750.348106] [   T9870]  print_report+0xd1/0x640
[  750.348116] [   T9870]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  750.348120] [   T9870]  ? kasan_complete_mode_report_info+0x26/0x210
[  750.348124] [   T9870]  kasan_report+0xe7/0x130
[  750.348128] [   T9870]  ? smb_set_sge+0x2cc/0x3b0 [cifs]
[  750.348262] [   T9870]  ? smb_set_sge+0x2cc/0x3b0 [cifs]
[  750.348377] [   T9870]  __asan_report_store8_noabort+0x17/0x30
[  750.348381] [   T9870]  smb_set_sge+0x2cc/0x3b0 [cifs]
[  750.348496] [   T9870]  smbd_post_send_iter+0x1990/0x3070 [cifs]
[  750.348625] [   T9870]  ? __pfx_smbd_post_send_iter+0x10/0x10 [cifs]
[  750.348741] [   T9870]  ? update_stack_state+0x2a0/0x670
[  750.348749] [   T9870]  ? cifs_flush+0x153/0x320 [cifs]
[  750.348870] [   T9870]  ? cifs_flush+0x153/0x320 [cifs]
[  750.348990] [   T9870]  ? update_stack_state+0x2a0/0x670
[  750.348995] [   T9870]  smbd_send+0x58c/0x9c0 [cifs]
[  750.349117] [   T9870]  ? __pfx_smbd_send+0x10/0x10 [cifs]
[  750.349231] [   T9870]  ? unwind_get_return_address+0x65/0xb0
[  750.349235] [   T9870]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  750.349242] [   T9870]  ? arch_stack_walk+0xa7/0x100
[  750.349250] [   T9870]  ? stack_trace_save+0x92/0xd0
[  750.349254] [   T9870]  __smb_send_rqst+0x931/0xec0 [cifs]
[  750.349374] [   T9870]  ? kernel_text_address+0x173/0x190
[  750.349379] [   T9870]  ? kasan_save_stack+0x39/0x70
[  750.349382] [   T9870]  ? kasan_save_track+0x18/0x70
[  750.349385] [   T9870]  ? __kasan_slab_alloc+0x9d/0xa0
[  750.349389] [   T9870]  ? __pfx___smb_send_rqst+0x10/0x10 [cifs]
[  750.349508] [   T9870]  ? smb2_mid_entry_alloc+0xb4/0x7e0 [cifs]
[  750.349626] [   T9870]  ? cifs_call_async+0x277/0xb00 [cifs]
[  750.349746] [   T9870]  ? cifs_issue_write+0x256/0x610 [cifs]
[  750.349867] [   T9870]  ? netfs_do_issue_write+0xc2/0x340 [netfs]
[  750.349900] [   T9870]  ? netfs_advance_write+0x45b/0x1270 [netfs]
[  750.349929] [   T9870]  ? netfs_write_folio+0xd6c/0x1be0 [netfs]
[  750.349958] [   T9870]  ? netfs_writepages+0x2e9/0xa80 [netfs]
[  750.349987] [   T9870]  ? do_writepages+0x21f/0x590
[  750.349993] [   T9870]  ? filemap_fdatawrite_wbc+0xe1/0x140
[  750.349997] [   T9870]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  750.350002] [   T9870]  smb_send_rqst+0x22e/0x2f0 [cifs]
[  750.350131] [   T9870]  ? __pfx_smb_send_rqst+0x10/0x10 [cifs]
[  750.350255] [   T9870]  ? local_clock_noinstr+0xe/0xd0
[  750.350261] [   T9870]  ? kasan_save_alloc_info+0x37/0x60
[  750.350268] [   T9870]  ? __kasan_check_write+0x14/0x30
[  750.350271] [   T9870]  ? _raw_spin_lock+0x81/0xf0
[  750.350275] [   T9870]  ? __pfx__raw_spin_lock+0x10/0x10
[  750.350278] [   T9870]  ? smb2_setup_async_request+0x293/0x580 [cifs]
[  750.350398] [   T9870]  cifs_call_async+0x477/0xb00 [cifs]
[  750.350518] [   T9870]  ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]
[  750.350636] [   T9870]  ? __pfx_cifs_call_async+0x10/0x10 [cifs]
[  750.350756] [   T9870]  ? __pfx__raw_spin_lock+0x10/0x10
[  750.350760] [   T9870]  ? __kasan_check_write+0x14/0x30
[  750.350763] [   T98 ---truncated---
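The KASAN report above records an 8-byte write in smb_set_sge(), reached from smbd_post_send_iter() on the SMB Direct write path, landing past the end of a slab object: the folio-queue extractor filled one scatter/gather entry more than max_sge allowed. The C program below is an added illustration of that bug class, written for this page; it is not kernel code and does not reproduce the real smb_extract_folioq_to_rdma() logic or the upstream fix. Every name in it (sge_model, rdma_model, model_set_sge, extract_folioq_to_rdma, run_demo, MAX_SGE of 2, the three 4 KiB folios) is a hypothetical stand-in, and the nested-loop mechanics, where the inner-loop cap check does not stop the outer loop from visiting the next folio, are an assumed model of how an extractor can exceed max_sge, chosen because it is the simplest way to produce exactly one extra SGE write. Slots beyond max_sge stand in for the slab redzone KASAN poisons, so the overflow is observable instead of being undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for struct ib_sge; addr is the 8-byte field whose
 * write KASAN flagged inside smb_set_sge(). */
struct sge_model {
	uint64_t addr;
	uint32_t length;
	uint32_t lkey;
};

#define MAX_SGE  2   /* hypothetical small cap, plays the role of max_sge */
#define REDZONE  4   /* extra slots standing in for the slab redzone */

struct rdma_model {
	struct sge_model sge[MAX_SGE + REDZONE];
	unsigned int nr_sge;
	unsigned int max_sge;
};

/* Model of smb_set_sge(): fills sge[nr_sge] with no bounds check. In the
 * kernel the array is max_sge entries long, so nr_sge >= max_sge is an
 * out-of-bounds write; here it lands in the redzone slots instead. */
static void model_set_sge(struct rdma_model *rdma, uint64_t base, size_t off, size_t len)
{
	struct sge_model *s = &rdma->sge[rdma->nr_sge];

	s->addr = base + off;
	s->length = (uint32_t)len;
	s->lkey = 0;
	rdma->nr_sge++;
}

/* Constructed input: a folio queue of three 4 KiB folios, as byte lengths. */
static const size_t demo_folio_sizes[] = { 4096, 4096, 4096 };
#define DEMO_NR_FOLIOS (sizeof(demo_folio_sizes) / sizeof(demo_folio_sizes[0]))

/* Walk the folio queue and emit one SGE per chunk of at most max_part bytes.
 * With hardened == false the cap is enforced only by the inner-loop break, so
 * once it fires the outer loop still advances to the next folio and calls
 * model_set_sge() once more: one SGE past max_sge. With hardened == true the
 * cap is re-checked before every SGE write and extraction stops short. */
static long extract_folioq_to_rdma(struct rdma_model *rdma, size_t maxsize,
				   size_t max_part, bool hardened)
{
	long ret = 0;

	for (size_t i = 0; i < DEMO_NR_FOLIOS && maxsize > 0; i++) {
		size_t fsize = demo_folio_sizes[i], offset = 0;
		uint64_t base = (uint64_t)(i + 1) << 20;  /* fake DMA address per folio */

		while (fsize > 0) {
			size_t part = fsize < maxsize ? fsize : maxsize;

			if (part > max_part)
				part = max_part;
			if (hardened && rdma->nr_sge >= rdma->max_sge)
				return ret;  /* no room left: hand back what fits */

			model_set_sge(rdma, base, offset, part);
			offset += part;
			fsize -= part;
			ret += part;
			maxsize -= part;
			if (rdma->nr_sge >= rdma->max_sge || maxsize == 0)
				break;       /* exits the inner loop only */
		}
	}
	return ret;
}

/* Count SGE slots at or beyond max_sge that were written: any nonzero count
 * is the slab-out-of-bounds write the KASAN report describes. */
static unsigned int redzone_hits(const struct rdma_model *rdma)
{
	unsigned int hits = 0;

	for (unsigned int i = rdma->max_sge; i < MAX_SGE + REDZONE; i++)
		if (rdma->sge[i].addr != 0)
			hits++;
	return hits;
}

struct demo_result {
	long bytes;
	unsigned int nr_sge;
	unsigned int redzone_hits;
};

/* Run the constructed case: 12288 bytes requested, 4096-byte chunks. */
static struct demo_result run_demo(bool hardened)
{
	struct rdma_model rdma;
	struct demo_result r;

	memset(&rdma, 0, sizeof(rdma));
	rdma.max_sge = MAX_SGE;
	r.bytes = extract_folioq_to_rdma(&rdma, 12288, 4096, hardened);
	r.nr_sge = rdma.nr_sge;
	r.redzone_hits = redzone_hits(&rdma);
	return r;
}

int main(void)
{
	struct demo_result u = run_demo(false), h = run_demo(true);

	printf("unchecked: %ld bytes, nr_sge=%u (max %d), redzone writes=%u\n",
	       u.bytes, u.nr_sge, MAX_SGE, u.redzone_hits);
	printf("hardened:  %ld bytes, nr_sge=%u (max %d), redzone writes=%u\n",
	       h.bytes, h.nr_sge, MAX_SGE, h.redzone_hits);
	return 0;
}
```

The unchecked walk reports all 12288 bytes as extracted while having written three SGEs into a two-entry table; the hardened walk returns 8192 bytes and leaves the table full, so the caller has to issue the remaining bytes in a later request rather than corrupting the allocation that follows the SGE array.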

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38179.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c45ebd636c32d33c75e51ce977520ff146bd41a1
Fixed
8ae7814589d7bd850294ac14ec4c1725dafd42ca
Fixed
e0ba9b2f188166550296005e64b15e80db82ad8a
Fixed
a379a8a2a0032e12e7ef397197c9c2ad011588d6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38179.json"