Acknowledged
Created: Sep 21, 2025
Updated: Sep 24, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]cifs: prevent NULL pointer dereference in UTF16 conversion[EOL][EOL]There can be a NULL pointer dereference bug here. NULL is passed to[EOL]__cifs_sfu_make_node without checks, which passes it unchecked to[EOL]cifs_strndup_to_utf16, which in turn passes it to[EOL]cifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash.[EOL][EOL]This patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and[EOL]returns NULL early to prevent dereferencing NULL pointer.[EOL][EOL]Found by Linux Verification Center (linuxtesting.org) with SVACE
