CVE-2025-21994
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21994
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21994.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-21994
- Downstream
- Related
- Published
- 2025-04-02T14:16:01Z
- Modified
- 2025-08-09T19:01:27Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix incorrect validation for numaces field of smbacl
parsedcal() validate numaces to allocate posixacestate_array.
if (numaces > ULONGMAX / sizeof(struct smb_ace *))
It is an incorrect validation that we can create an array of size ULONGMAX. smbacl has ->size field to calculate actual number of aces in request buffer size. Use this to check invalid num_aces.
- References
-
- https://git.kernel.org/stable/c/1b8b67f3c5e5169535e26efedd3e422172e2db64
- https://git.kernel.org/stable/c/9c4e202abff45f8eac17989e549fc7a75095f675
- https://git.kernel.org/stable/c/a4cb17797a5d241f1e509cb5b46ed95a80c2f5fd
- https://git.kernel.org/stable/c/c3a3484d9d31b27a3db0fab91fcf191132d65236
- https://git.kernel.org/stable/c/d0f87370622a853b57e851f7d5a5452b72300f19
- https://git.kernel.org/stable/c/f6a6721802ac2f12f4c1bbe839a4c229b61866f2