CVE-2025-38561
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | ksmbd | * |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition in the Linux kernel's ksmbd component related to the Preauh_HashValue. When a client sends multiple session setup requests to ksmbd, a race condition can occur because the Preauh_HashValue is freed prematurely during the session setup phase. The fix involves not freeing Preauh_HashValue during session setup but instead freeing it together with the session at the connection termination phase.
How can this vulnerability impact me? :
The vulnerability could lead to unstable behavior or potential security issues in the ksmbd service due to the race condition when handling multiple session setup requests. This might cause unexpected crashes or allow exploitation of the race condition, potentially impacting system stability or security.