Security Advisory

CVE-2025-22038

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-16 14:11:56

Last updated 2026-05-11 21:11:26

Assigner Linux

State PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure num_subauth != 0 before sub_auth is accessed.

← Browse all CVEs View on cve.org ↗