CVE-2025-38191
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15 (inc) to 6.1.142 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.95 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.35 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.4 (exc) |
| linux | linux_kernel | 6.16 |
| debian | debian_linux | 11.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the Linux kernel's ksmbd component. It occurs when a client sets the PreviousSessionId during the Kerberos session setup stage. Because the session's user field (sess->user) is not set yet at that point, the function destroy_previous_session() is called with a NULL user argument, leading to a NULL pointer dereference. The fix defers the call to destroy_previous_session() until after the user has been set in ksmbd_krb5_authenticate().
How can this vulnerability impact me?
This vulnerability can cause a null pointer dereference in the Linux kernel, which may lead to a kernel crash or denial of service when handling Kerberos session setups in ksmbd. This could disrupt services relying on the kernel's SMB daemon, potentially affecting system stability and availability.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that fixes the null pointer dereference in the ksmbd component of the Linux kernel by ensuring that destroy_previous_session() is called only after ksmbd_krb5_authenticate() has set sess->user. Updating the Linux kernel to a version that includes this fix is recommended.
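A triage helper for the update step above, added here as an example and not taken from the kernel project or this advisory: it classifies a `uname -r` string against the upstream ranges in the affected-products table and checks whether the ksmbd module is loaded. The function names and verdict strings are made up for illustration; it assumes ksmbd is built as a loadable module, and because distribution kernels can carry the fix under an older version string, an "in-range" result is a prompt to check the vendor advisory rather than proof of exposure.

```python
import os
import re

# Affected upstream ranges copied from the table above: (first affected, first fixed).
AFFECTED_RANGES = [
    ((5, 15, 0), (6, 1, 142)),
    ((6, 2, 0), (6, 6, 95)),
    ((6, 7, 0), (6, 12, 35)),
    ((6, 13, 0), (6, 15, 4)),
]


def parse_release(release):
    """Turn a `uname -r` string such as '6.1.140-1-amd64' into (6, 1, 140)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def version_status(release):
    """Classify a release against the table: 'in-range', 'listed-6.16' or 'outside'."""
    ver = parse_release(release)
    if ver[:2] == (6, 16):
        # The table lists a bare 6.16 with no patch level, so flag it for manual review.
        return "listed-6.16"
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= ver < first_fixed:
            return "in-range"
    return "outside"


def ksmbd_loaded(sysfs_root="/sys"):
    """True when the ksmbd module is loaded (sysfs lists loaded modules under module/)."""
    return os.path.isdir(os.path.join(sysfs_root, "module", "ksmbd"))


def triage(release, sysfs_root="/sys"):
    """Combine both checks into one verdict string for a host."""
    status = version_status(release)
    if status == "outside":
        return "version outside listed ranges"
    if not ksmbd_loaded(sysfs_root):
        return f"{status}, ksmbd not loaded"
    return f"{status}, ksmbd loaded: update the kernel"


if __name__ == "__main__":
    print(triage(os.uname().release))
```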