CVE-2025-21946

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out-of-bounds in parse_sec_desc()

If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd struct size. If it is smaller, It could cause slab-out-of-bounds. And when validating sid, It need to check it included subauth array size.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < f4ee19528664777af8b842f8f001be98345aa973affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < c1569dbbe2d43041be9f3fef7ca08bec3b66ad1baffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 159d059cbcb0e6d0e7a7b34af3862ba09a6b22d1affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 6a9831180d0b23b5c97e2bd841aefc8f82900172affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < d6e13e19063db24f94b690159d0633aaf72a0f03affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux6.1.160 <= 6.1.*unaffected
LinuxLinux6.6.83 <= 6.6.*unaffected
LinuxLinux6.12.19 <= 6.12.*unaffected
LinuxLinux6.13.7 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

References