Linux Kernel ksmbd Incorrect Validation Vulnerability in SMB ACL Processing

Vulnerability

A vulnerability has been identified in the Linux kernel's ksmbd component, in the validation of the num_aces field in the smb_aclparse_dcal() function. The existing validation is incorrect because it still permits an array of size up to ULONG_MAX to be created. The smb_acl structure includes a size field, which should be used to calculate the actual number of access control entries (ACEs) in the request buffer. This vulnerability could potentially be exploited to allocate an excessively large array, leading to memory-related issues.
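The difference between the two checks described above, as an added example that is not the kernel's code: struct demo_acl, DEMO_MIN_ACE_SIZE and the function names are constructed for illustration, and the minimum ACE size is an assumed value.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for illustration; not the kernel's struct definitions. */
struct demo_acl {
    uint16_t revision;
    uint16_t size;      /* total bytes of the ACL, header included */
    uint32_t num_aces;  /* count taken from the client request */
};

#define DEMO_MIN_ACE_SIZE 16u  /* assumed smallest encodable ACE, in bytes */

/* Weak check as the advisory describes it: only rejects counts whose
 * pointer array would not fit in an unsigned long. */
int weak_num_aces_ok(const struct demo_acl *acl)
{
    return (unsigned long)acl->num_aces <= ULONG_MAX / sizeof(void *);
}

/* Bounded check: the count may not exceed what the declared ACL size,
 * itself limited to the received buffer, can actually hold. */
int bounded_num_aces_ok(const struct demo_acl *acl, size_t buf_len)
{
    size_t body;

    if (acl->size < sizeof(*acl) || acl->size > buf_len)
        return 0;
    body = acl->size - sizeof(*acl);
    return acl->num_aces <= body / DEMO_MIN_ACE_SIZE;
}

/* Bytes a per-ACE pointer array would request for this count. */
size_t ace_array_bytes(const struct demo_acl *acl)
{
    return (size_t)acl->num_aces * sizeof(void *);
}

int main(void)
{
    /* Constructed input: a 40-byte ACL that claims 1,048,576 ACEs. */
    struct demo_acl acl = { 2, 40, 0x00100000u };

    printf("weak=%d bounded=%d array_bytes=%zu\n", weak_num_aces_ok(&acl),
           bounded_num_aces_ok(&acl, 40), ace_array_bytes(&acl));
    return 0;
}
```

With the weak check, the 40-byte request is accepted and sizes a multi-megabyte array; the bounded check rejects it because a 32-byte body cannot hold more than two ACEs of the assumed minimum size.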

Impact

Exploitation of this vulnerability could result in improper memory allocation, potentially causing memory corruption or other related issues.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.