Linux Kernel ksmbd Out-of-Bounds Memory Access Vulnerability Due to DACL Offset Overflow

Vulnerability

A vulnerability in the Linux kernel's ksmbd component was introduced by an unchecked addition in the dacloffset field, originally typed as int. This oversight allowed the addition to overflow, potentially bypassing existing bounds checks in the smb_check_perm_dacl() and smb_inherit_dacl() functions. The overflow could lead to out-of-bounds memory access, causing a kernel crash when the DACL pointer was dereferenced.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, causing a kernel crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ksmbd Out-of-Bounds Memory Access Vulnerability Due to DACL Offset Overflow

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating