Corrective releases of the Samba 4.14.4, 4.13.8 and 4.12.15 package have been prepared with the elimination of the vulnerability (CVE-2021-20254), which in most cases can lead to the crash of the smbd process, but in the worst case, the possibility of unauthorized access to files and removal by an unprivileged user of files on a network partition.
The vulnerability is caused by an error in the sids_to_unixids() function, which causes data to be read from an area outside the buffer boundary when converting SID (Windows Security Identifier) ββgroup identifiers to GID (Unix Group ID). The problem occurs when a negative entry is added to the GID SID mapping cache. The Samba developers were unable to identify reliable and repeatable conditions for the vulnerability to occur, but the researcher who identified the vulnerability believes that the problem can be exploited to delete files on a file server without proper rights to perform this operation.
Source: opennet.ru