{"vulnerability": "CVE-2025-22038", "sightings": [{"uuid": "5a1304e2-1150-4dc5-b451-54ff10386681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22038", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "801a0bba-07e6-4310-abe3-8a6fff60eaee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22038", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13999", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22038\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate zero num_subauth before sub_auth is accessed\n\nAccess psid->sub_auth[psid->num_subauth - 1] without checking\nif num_subauth is non-zero leads to an out-of-bounds read.\nThis patch adds a validation step to ensure num_subauth != 0\nbefore sub_auth is accessed.\n\ud83d\udccf Published: 2025-04-16T14:11:56.316Z\n\ud83d\udccf Modified: 2025-04-30T09:32:56.495Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc\n2. https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283\n3. https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1\n4. https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002\n5. https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20\n6. https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36", "creation_timestamp": "2025-04-30T10:13:36.000000Z"}]}