Arch Linux Security Advisory ASA-202506-3
=========================================

Severity: Low
Date    : 2025-06-06
CVE-ID  : CVE-2025-0620
Package : samba
Type    : access restriction bypass
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2892

Summary
=======

The package samba before version 4.22.2-1 is vulnerable to access
restriction bypass.

Resolution
==========

Upgrade to 4.22.2-1.

# pacman -Syu "samba>=4.22.2-1"

The problem has been fixed upstream in version 4.22.2.

Workaround
==========

None.

Description
===========

When using Kerberos authentication with SMB, smbd doesn't pick up group
membership changes when re-authenticating an expired SMB session.

Impact
======

A remote authenticated attacker may retain unintended access to file
shares in Samba.

References
==========

https://www.samba.org/samba/security/CVE-2025-0620.html
https://bugzilla.samba.org/show_bug.cgi?id=15707
https://nvd.nist.gov/vuln/detail/CVE-2025-0620
https://security.archlinux.org/CVE-2025-0620