CVE-2025-21994 in Linuxinformazioni

Riassunto

di MITRE • 02/04/2025

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix incorrect validation for num_aces field of smb_acl

parse_dcal() validate num_aces to allocate posix_ace_state_array.

if (num_aces > ULONG_MAX / sizeof(struct smb_ace *))

It is an incorrect validation that we can create an array of size ULONG_MAX. smb_acl has ->size field to calculate actual number of aces in request buffer size. Use this to check invalid num_aces.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsabile

Linux

Prenotare

29/12/2024

Divulgazione

02/04/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00178

KEV

no

Attività

molto basso

Fonti

Interested in the pricing of exploits?

See the underground prices here!