{"id":"CVE-2025-21994","summary":"ksmbd: fix incorrect validation for num_aces field of smb_acl","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix incorrect validation for num_aces field of smb_acl\n\nparse_dcal() validate num_aces to allocate posix_ace_state_array.\n\nif (num_aces \u003e ULONG_MAX / sizeof(struct smb_ace *))\n\nIt is an incorrect validation that we can create an array of size ULONG_MAX.\nsmb_acl has -\u003esize field to calculate actual number of aces in request buffer\nsize. Use this to check invalid num_aces.","modified":"2026-04-16T00:11:05.109162896Z","published":"2025-04-02T14:00:37.407Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21994.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1b8b67f3c5e5169535e26efedd3e422172e2db64"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9c4e202abff45f8eac17989e549fc7a75095f675"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a4cb17797a5d241f1e509cb5b46ed95a80c2f5fd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c3a3484d9d31b27a3db0fab91fcf191132d65236"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0f87370622a853b57e851f7d5a5452b72300f19"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f6a6721802ac2f12f4c1bbe839a4c229b61866f2"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21994.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21994"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0626e6641f6b467447c81dd7678a69c66f7746cf"},{"fixed":"c3a3484d9d31b27a3db0fab91fcf191132d65236"},{"fixed":"9c4e202abff45f8eac17989e549fc7a75095f675"},{"fixed":"d0f87370622a853b57e851f7d5a5452b72300f19"},{"fixed":"a4cb17797a5d241f1e509cb5b46ed95a80c2f5fd"},{"fixed":"f6a6721802ac2f12f4c1bbe839a4c229b61866f2"},{"fixed":"1b8b67f3c5e5169535e26efedd3e422172e2db64"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21994.json"}}],"schema_version":"1.7.5"}