Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure num_subauth != 0 before sub_auth is accessed.

INFO

Published Date :

2025-04-16T14:11:56.316Z

Last Modified :

2025-11-03T19:41:20.321Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-22038 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-22038.

URL Resource
https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283 cve-icon cve-icon
https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc cve-icon cve-icon
https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1 cve-icon cve-icon
https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002 cve-icon cve-icon
https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36 cve-icon cve-icon
https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025041659-CVE-2025-22038-1b5a@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-22038 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-22038 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact