CVE-2025-21994

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) It is an incorrect validation that we can create an array of size ULONG_MAX. smb_acl has ->size field to calculate actual number of aces in request buffer size. Use this to check invalid num_aces.

Reserved 2024-12-29 | Published 2025-04-02 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

0626e6641f6b467447c81dd7678a69c66f7746cf before c3a3484d9d31b27a3db0fab91fcf191132d65236
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before 9c4e202abff45f8eac17989e549fc7a75095f675
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before d0f87370622a853b57e851f7d5a5452b72300f19
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before a4cb17797a5d241f1e509cb5b46ed95a80c2f5fd
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before f6a6721802ac2f12f4c1bbe839a4c229b61866f2
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before 1b8b67f3c5e5169535e26efedd3e422172e2db64
affected

Default status
affected

5.15
affected

Any version before 5.15
unaffected

5.15.180
unaffected

6.1.132
unaffected

6.6.85
unaffected

6.12.21
unaffected

6.13.9
unaffected

6.14
unaffected

References

git.kernel.org/...c/c3a3484d9d31b27a3db0fab91fcf191132d65236

git.kernel.org/...c/9c4e202abff45f8eac17989e549fc7a75095f675

git.kernel.org/...c/d0f87370622a853b57e851f7d5a5452b72300f19

git.kernel.org/...c/a4cb17797a5d241f1e509cb5b46ed95a80c2f5fd

git.kernel.org/...c/f6a6721802ac2f12f4c1bbe839a4c229b61866f2

git.kernel.org/...c/1b8b67f3c5e5169535e26efedd3e422172e2db64

cve.org (CVE-2025-21994)

nvd.nist.gov (CVE-2025-21994)

Download JSON