PT-2025-16679 · Linux+4 · Linux Kernel+4

Published

2025-04-01

Updated

2026-05-26

CVE-2025-22039

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns an overflow in the dacloffset bounds check within the ksmbd component of the Linux kernel. Originally, the dacloffset field was typed as int and used in an unchecked addition, which could lead to an overflow and bypass the existing bounds check in both smb check perm dacl() and smb inherit dacl() functions. This could result in out-of-bounds memory access and a kernel crash when dereferencing the DACL pointer. The patch resolves this by converting dacloffset to unsigned int and using check add overflow() to validate access to the DACL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-125

Related Identifiers

BDU:2026-01288

CVE-2025-22039

ECHO-AD72-4B46-3FFA

USN-7594-1

USN-7594-2

USN-7594-3

USN-7605-1

USN-7605-2

USN-7606-1

USN-7628-1

USN-7835-1

USN-7835-2

USN-7835-3

USN-7835-4

USN-7835-5

USN-7835-6

USN-7887-1

USN-7887-2

USN-7940-1

USN-7940-2

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Ubuntu

PT-2025-16679 · Linux+4 · Linux Kernel+4

CVE-2025-22039

Weakness Enumeration

Related Identifiers

Affected Products

References · 511