CVE-2025-22039Out-of-bounds Read in Linux

CWE-125Out-of-bounds ReadCWE-190Integer Overflow or Wraparound39 documents7 sources
Severity
7.1HIGHNVD
OSV5.9
EPSS
0.0%
top 87.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedApr 16
Latest updateJan 9

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and smb_inherit_dacl(). This could result in out-of-bounds memory access and a kernel crash when dereferencing the DACL pointer. This patch converts dacloffset to unsigned int and uses check_add_overflow() to

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages9 packages

NVDlinux/linux_kernel5.156.12.23+2
Debianlinux/linux_kernel< 6.12.25-1+1
Ubuntulinux/linux_kernel< 6.8.0-86.87+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

19
OSV
linux-azure-nvidia vulnerabilities2026-01-09
OSV
linux-azure-fips vulnerabilities2025-12-17
OSV
linux-raspi vulnerabilities2025-11-25
OSV
linux-raspi-realtime vulnerabilities2025-11-24
OSV
linux-aws-6.8 vulnerabilities2025-11-12

📋Vendor Advisories

19
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities2026-01-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-12-17
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-11-25
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-11-24
Ubuntu
Linux kernel (AWS) vulnerabilities2025-11-12