CVE-2025-22043: 
Linux Debian vulnerability analysis and mitigation

A vulnerability was identified in the Linux kernel related to missing bounds checks for durable handle context in the ksmbd component. The vulnerability was discovered and disclosed on April 16, 2025, and is tracked as CVE-2025-22043. The issue affects multiple Linux distributions including Ubuntu, Debian, and Red Hat Enterprise Linux systems (NVD, Ubuntu).

The vulnerability stems from insufficient bounds checking in the ksmbd (Kernel SMB Daemon) component's handling of durable handle context. A fix has been implemented to add the missing bounds check for durable handle context. The vulnerability has been addressed in Linux kernel version 6.15-rc1 through commit 542027e (CVE).

The vulnerability affects multiple Linux distributions and their various kernel versions. Ubuntu has marked this vulnerability with medium priority, indicating moderate severity. Multiple kernel packages across different Ubuntu releases (25.04, 24.10, 24.04 LTS, 22.04 LTS, 20.04 LTS) are listed as vulnerable (Ubuntu).

The vulnerability has been fixed in Linux kernel version 6.12.25-1 for Debian's sid release. Various other distributions are in the process of releasing patches. For Ubuntu systems, updates are being worked on for affected versions. Users are advised to update their systems once the patches become available (Debian).