CVE-2025-22038

Published: Apr 16, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate zero num_subauth before sub_auth is accessed

Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure num_subauth != 0 before sub_auth is accessed.

Vendor: Linux

Product: Linux

Versions:

affected: 0626e6641f6b467447c81dd7678a69c66f7746cf - < 3ac65de111c686c95316ade660f8ba7aea3cd3cc
affected: 0626e6641f6b467447c81dd7678a69c66f7746cf - < 0e36a3e080d6d8bd7a34e089345d043da4ac8283
affected: 0626e6641f6b467447c81dd7678a69c66f7746cf - < 56de7778a48560278c334077ace7b9ac4bfb2fd1
affected: 0626e6641f6b467447c81dd7678a69c66f7746cf - < 68c6c3142bfcdb049839d40a9a59ebe8ea865002
affected: 0626e6641f6b467447c81dd7678a69c66f7746cf - < c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20

+1 more versions

Vendor: Linux

Product: Linux

Versions:

affected: 5.15
unaffected: 0 - < 5.15
unaffected: 6.1.134 - <= 6.1.*
unaffected: 6.6.87 - <= 6.6.*
unaffected: 6.12.23 - <= 6.12.*

+3 more versions
