CVE-2025-21994

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21994
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21994.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-21994
Downstream
Related
Published
2025-04-02T14:16:01Z
Modified
2025-08-09T19:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix incorrect validation for numaces field of smbacl

parsedcal() validate numaces to allocate posixacestate_array.

if (numaces > ULONGMAX / sizeof(struct smb_ace *))

It is an incorrect validation that we can create an array of size ULONGMAX. smbacl has ->size field to calculate actual number of aces in request buffer size. Use this to check invalid num_aces.

References

Affected packages