5.5

CVE-2025-21994

ksmbd: fix incorrect validation for num_aces field of smb_acl

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix incorrect validation for num_aces field of smb_acl

parse_dcal() validate num_aces to allocate posix_ace_state_array.

if (num_aces > ULONG_MAX / sizeof(struct smb_ace *))

It is an incorrect validation that we can create an array of size ULONG_MAX.
smb_acl has ->size field to calculate actual number of aces in request buffer
size. Use this to check invalid num_aces.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.180
LinuxLinux Kernel Version >= 5.16 < 6.1.132
LinuxLinux Kernel Version >= 6.2 < 6.6.85
LinuxLinux Kernel Version >= 6.7 < 6.12.21
LinuxLinux Kernel Version >= 6.13 < 6.13.9
LinuxLinux Kernel Version6.14 Updaterc1
LinuxLinux Kernel Version6.14 Updaterc2
LinuxLinux Kernel Version6.14 Updaterc3
LinuxLinux Kernel Version6.14 Updaterc4
LinuxLinux Kernel Version6.14 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.075
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1b8b67f3c5e5169535e26efedd3e422172e2db64
Patch
https://git.kernel.org/stable/c/9c4e202abff45f8eac17989e549fc7a75095f675
Patch
https://git.kernel.org/stable/c/a4cb17797a5d241f1e509cb5b46ed95a80c2f5fd
Patch
https://git.kernel.org/stable/c/d0f87370622a853b57e851f7d5a5452b72300f19
Patch
https://git.kernel.org/stable/c/f6a6721802ac2f12f4c1bbe839a4c229b61866f2
Patch
https://git.kernel.org/stable/c/c3a3484d9d31b27a3db0fab91fcf191132d65236
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html