Vulnerabilities

CVE-2025-22038

by Fred · 16/04/2025

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate zero num_subauth before sub_auth is accessed

Access psid->sub_auth[psid->num_subauth – 1] without checking
if num_subauth is non-zero leads to an out-of-bounds read.
This patch adds a validation step to ensure num_subauth != 0
before sub_auth is accessed.

More information : https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283

Similar

Tags: Cybersecurity Alert