CVE-2025-38431
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-11-19
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.16 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a regression in the Linux kernel's SMB client in its handling of native SMB symbolic links (symlinks). With the regression present, backup or copy tools failed when they encountered directories containing symlinks whose targets the client could not parse, even if those symlinks were not followed. The fix restores the old behavior by allowing the lstat(2) and readlink(2) system calls to succeed even when the symlink target cannot be resolved.
How can this vulnerability impact me?
The vulnerability could cause backup or copy operations to fail when processing directories with certain SMB symlinks that the client cannot resolve. This may disrupt data backup or copying processes, potentially leading to incomplete backups or data management issues.