{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T02:52:56.238","vulnerabilities":[{"cve":{"id":"CVE-2025-22039","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-04-16T15:15:56.500","lastModified":"2026-06-17T08:44:54.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix overflow in dacloffset bounds check\n\nThe dacloffset field was originally typed as int and used in an\nunchecked addition, which could overflow and bypass the existing\nbounds check in both smb_check_perm_dacl() and smb_inherit_dacl().\n\nThis could result in out-of-bounds memory access and a kernel crash\nwhen dereferencing the DACL pointer.\n\nThis patch converts dacloffset to unsigned int and uses\ncheck_add_overflow() to validate access to the DACL."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrección de desbordamiento en la comprobación de los límites de dacloffset. El campo dacloffset se tipificó originalmente como int y se usó en una adición sin comprobar, lo que podría desbordarse y omitir la comprobación de los límites existente tanto en smb_check_perm_dacl() como en smb_inherit_dacl(). Esto podría provocar un acceso a memoria fuera de los límites y un fallo del kernel al desreferenciar el puntero DACL. Este parche convierte dacloffset a unsigned int y utiliza check_add_overflow() para validar el acceso a la DACL."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/server/smbacl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc","versionType":"git","status":"affected"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"6b8d379048b168a0dff5ab1acb975b933f368514","versionType":"git","status":"affected"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"443b373a4df5a2cb9f7b8c4658b2afedeb16397f","versionType":"git","status":"affected"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"beff0bc9d69bc8e733f9bca28e2d3df5b3e10e42","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/server/smbacl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"6.12.23","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.13.11","lessThanOrEqual":"6.13.*","versionType":"semver","status":"unaffected"},{"version":"6.14.2","lessThanOrEqual":"6.14.*","versionType":"semver","status":"unaffected"},{"version":"6.15","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.12.23","matchCriteriaId":"1FDF0290-DECC-4633-9F68-856CD6ABA9A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.11","matchCriteriaId":"E7E864B0-8C00-4679-BA55-659B4C9C3AD3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.14.2","matchCriteriaId":"FADAE5D8-4808-442C-B218-77B2CE8780A0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/443b373a4df5a2cb9f7b8c4658b2afedeb16397f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6b8d379048b168a0dff5ab1acb975b933f368514","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/beff0bc9d69bc8e733f9bca28e2d3df5b3e10e42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}