In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix incorrect validation for numaces field of smbacl
parsedcal() validate numaces to allocate posixacestate_array.
if (numaces > ULONGMAX / sizeof(struct smb_ace *))
It is an incorrect validation that we can create an array of size ULONGMAX. smbacl has ->size field to calculate actual number of aces in request buffer size. Use this to check invalid num_aces.
[
    {
        "id": "CVE-2025-21994-4d5e1457",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "188146019277595244986996904874360955633",
            "length": 5294.0
        },
        "target": {
            "file": "fs/smb/server/smbacl.c",
            "function": "parse_dacl"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6a6721802ac2f12f4c1bbe839a4c229b61866f2"
    },
    {
        "id": "CVE-2025-21994-76045148",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "100582898895957725585713157959388813138",
            "length": 5273.0
        },
        "target": {
            "file": "fs/ksmbd/smbacl.c",
            "function": "parse_dacl"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c3a3484d9d31b27a3db0fab91fcf191132d65236"
    },
    {
        "id": "CVE-2025-21994-aa7c010d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "100582898895957725585713157959388813138",
            "length": 5273.0
        },
        "target": {
            "file": "fs/smb/server/smbacl.c",
            "function": "parse_dacl"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d0f87370622a853b57e851f7d5a5452b72300f19"
    },
    {
        "id": "CVE-2025-21994-acfa2a11",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "247163386785035142565829278668553029186",
                "234124404055154443842083929274698239405",
                "269407320217351538656149069385500044946",
                "130150819057146827134416650596549654975",
                "149309407638692324927224546760592101787",
                "108068587267176012199339273090500573877",
                "282339880447226470592442431076360833273",
                "202043020967590576988083579659022406174"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "fs/ksmbd/smbacl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c3a3484d9d31b27a3db0fab91fcf191132d65236"
    },
    {
        "id": "CVE-2025-21994-aff2d7a4",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "247163386785035142565829278668553029186",
                "234124404055154443842083929274698239405",
                "269407320217351538656149069385500044946",
                "130150819057146827134416650596549654975",
                "149309407638692324927224546760592101787",
                "108068587267176012199339273090500573877",
                "282339880447226470592442431076360833273",
                "202043020967590576988083579659022406174"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4cb17797a5d241f1e509cb5b46ed95a80c2f5fd"
    },
    {
        "id": "CVE-2025-21994-c1362875",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "337668324555375143438777276104419377423",
                "234124404055154443842083929274698239405",
                "269407320217351538656149069385500044946",
                "130150819057146827134416650596549654975",
                "149309407638692324927224546760592101787",
                "108068587267176012199339273090500573877",
                "282339880447226470592442431076360833273",
                "202043020967590576988083579659022406174"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1b8b67f3c5e5169535e26efedd3e422172e2db64"
    },
    {
        "id": "CVE-2025-21994-c6f2722d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "188146019277595244986996904874360955633",
            "length": 5294.0
        },
        "target": {
            "file": "fs/smb/server/smbacl.c",
            "function": "parse_dacl"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1b8b67f3c5e5169535e26efedd3e422172e2db64"
    },
    {
        "id": "CVE-2025-21994-d9681ea0",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "100582898895957725585713157959388813138",
            "length": 5273.0
        },
        "target": {
            "file": "fs/smb/server/smbacl.c",
            "function": "parse_dacl"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4cb17797a5d241f1e509cb5b46ed95a80c2f5fd"
    },
    {
        "id": "CVE-2025-21994-f932399c",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "100582898895957725585713157959388813138",
            "length": 5273.0
        },
        "target": {
            "file": "fs/smb/server/smbacl.c",
            "function": "parse_dacl"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9c4e202abff45f8eac17989e549fc7a75095f675"
    },
    {
        "id": "CVE-2025-21994-fcc2bcdd",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "247163386785035142565829278668553029186",
                "234124404055154443842083929274698239405",
                "269407320217351538656149069385500044946",
                "130150819057146827134416650596549654975",
                "149309407638692324927224546760592101787",
                "108068587267176012199339273090500573877",
                "282339880447226470592442431076360833273",
                "202043020967590576988083579659022406174"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9c4e202abff45f8eac17989e549fc7a75095f675"
    },
    {
        "id": "CVE-2025-21994-fe5a2766",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "247163386785035142565829278668553029186",
                "234124404055154443842083929274698239405",
                "269407320217351538656149069385500044946",
                "130150819057146827134416650596549654975",
                "149309407638692324927224546760592101787",
                "108068587267176012199339273090500573877",
                "282339880447226470592442431076360833273",
                "202043020967590576988083579659022406174"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d0f87370622a853b57e851f7d5a5452b72300f19"
    },
    {
        "id": "CVE-2025-21994-fe737d2e",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "247163386785035142565829278668553029186",
                "234124404055154443842083929274698239405",
                "269407320217351538656149069385500044946",
                "130150819057146827134416650596549654975",
                "149309407638692324927224546760592101787",
                "108068587267176012199339273090500573877",
                "282339880447226470592442431076360833273",
                "202043020967590576988083579659022406174"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6a6721802ac2f12f4c1bbe839a4c229b61866f2"
    }
]