CVE-2025-21725

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb: client: fix oops due to unset link speed<br /> <br /> It isn&amp;#39;t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always<br /> be set by the server, so the client must handle any values and then<br /> prevent oopses like below from happening:<br /> <br /> Oops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI<br /> CPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41<br /> 04/01/2014<br /> RIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48<br /> 89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8<br /> e7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 f7 74 24 18 48 89<br /> c3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24<br /> RSP: 0018:ffffc90001817be0 EFLAGS: 00010246<br /> RAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99<br /> RDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228<br /> RBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac<br /> R10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200<br /> R13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58<br /> FS: 00007fe27119e740(0000) GS:ffff888148600000(0000)<br /> knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0<br /> PKRU: 55555554<br /> Call Trace:<br /> <br /> ? __die_body.cold+0x19/0x27<br /> ? die+0x2e/0x50<br /> ? do_trap+0x159/0x1b0<br /> ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]<br /> ? do_error_trap+0x90/0x130<br /> ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]<br /> ? exc_divide_error+0x39/0x50<br /> ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]<br /> ? asm_exc_divide_error+0x1a/0x20<br /> ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]<br /> ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]<br /> ? seq_read_iter+0x42e/0x790<br /> seq_read_iter+0x19a/0x790<br /> proc_reg_read_iter+0xbe/0x110<br /> ? __pfx_proc_reg_read_iter+0x10/0x10<br /> vfs_read+0x469/0x570<br /> ? do_user_addr_fault+0x398/0x760<br /> ? __pfx_vfs_read+0x10/0x10<br /> ? find_held_lock+0x8a/0xa0<br /> ? __pfx_lock_release+0x10/0x10<br /> ksys_read+0xd3/0x170<br /> ? __pfx_ksys_read+0x10/0x10<br /> ? __rcu_read_unlock+0x50/0x270<br /> ? mark_held_locks+0x1a/0x90<br /> do_syscall_64+0xbb/0x1d0<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> RIP: 0033:0x7fe271288911<br /> Code: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8<br /> 20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 3d<br /> 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec<br /> RSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000<br /> RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911<br /> RDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003<br /> RBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380<br /> R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000<br /> R13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000<br /> <br /> <br /> Fix this by setting cifs_server_iface::speed to a sane value (1Gbps)<br /> by default when link speed is unset.