PT-2025-16679 · Linux+4 · Linux Kernel+4
Publicado
2025-04-01
·
Atualizado
2026-05-26
·
CVE-2025-22039
CVSS v3.1
7.1
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue concerns an overflow in the dacloffset bounds check within the ksmbd component of the Linux kernel. Originally, the dacloffset field was typed as int and used in an unchecked addition, which could lead to an overflow and bypass the existing bounds check in both smb check perm dacl() and smb inherit dacl() functions. This could result in out-of-bounds memory access and a kernel crash when dereferencing the DACL pointer. The patch resolves this by converting dacloffset to unsigned int and using check add overflow() to validate access to the DACL.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Integer Overflow
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Astra Linux
Debian
Linuxmint
Linux Kernel
Ubuntu