CVE-2025-38728
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parse_server_interfaces() (see below): BUG: KASAN: slab-out-of-bounds in parse_server_interfaces+0x14ee/0x1880 [cifs] Read of size 4 at addr ffff8881433dba98 by task mount/9827 CPU: 5 UID: 0 PID: 9827 Comm: mount Tainted: G OE 6.16.0-rc2-kasan #2 PREEMPT(voluntary) Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: Dell Inc. Precision Tower 3620/0MWYPT, BIOS 2.13.1 06/14/2019 Call Trace: <TASK> dump_stack_lvl+0x9f/0xf0 print_report+0xd1/0x670 __virt_addr_valid+0x22c/0x430 ? parse_server_interfaces+0x14ee/0x1880 [cifs] ? kasan_complete_mode_report_info+0x2a/0x1f0 ? parse_server_interfaces+0x14ee/0x1880 [cifs] kasan_report+0xd6/0x110 parse_server_interfaces+0x14ee/0x1880 [cifs] __asan_report_load_n_noabort+0x13/0x20 parse_server_interfaces+0x14ee/0x1880 [cifs] ? __pfx_parse_server_interfaces+0x10/0x10 [cifs] ? trace_hardirqs_on+0x51/0x60 SMB3_request_interfaces+0x1ad/0x3f0 [cifs] ? __pfx_SMB3_request_interfaces+0x10/0x10 [cifs] ? SMB2_tcon+0x23c/0x15d0 [cifs] smb3_qfs_tcon+0x173/0x2b0 [cifs] ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs] ? cifs_get_tcon+0x105d/0x2120 [cifs] ? do_raw_spin_unlock+0x5d/0x200 ? cifs_get_tcon+0x105d/0x2120 [cifs] ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs] cifs_mount_get_tcon+0x369/0xb90 [cifs] ? dfs_cache_find+0xe7/0x150 [cifs] dfs_mount_share+0x985/0x2970 [cifs] ? check_path.constprop.0+0x28/0x50 ? save_trace+0x54/0x370 ? __pfx_dfs_mount_share+0x10/0x10 [cifs] ? __lock_acquire+0xb82/0x2ba0 ? __kasan_check_write+0x18/0x20 cifs_mount+0xbc/0x9e0 [cifs] ? __pfx_cifs_mount+0x10/0x10 [cifs] ? do_raw_spin_unlock+0x5d/0x200 ? cifs_setup_cifs_sb+0x29d/0x810 [cifs] cifs_smb3_do_mount+0x263/0x1990 [cifs]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-09-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38728
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a slab out-of-bounds error in the Linux kernel's SMB3 implementation when mounting to ksmbd. It occurs due to a missing check in the parse_server_interfaces() function, which can lead to reading memory outside the allocated slab, potentially causing system instability or crashes.


How can this vulnerability impact me? :

The vulnerability can cause a slab out-of-bounds memory access during the mount operation to ksmbd, which may lead to system crashes, instability, or potential exploitation by attackers to affect system reliability or security.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by enabling KASAN (Kernel Address Sanitizer) and monitoring for slab out of bounds errors related to smb3 mounts to ksmbd. Specifically, look for kernel logs indicating KASAN slab-out-of-bounds errors during mount operations involving cifs/smb3. Commands to check kernel logs include: 'dmesg | grep -i kasan' or 'journalctl -k | grep -i kasan'.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the Linux kernel to a version where this vulnerability is fixed, as the issue is resolved in the kernel version referenced. If updating is not immediately possible, avoid mounting smb3 shares using ksmbd until the patch is applied. Additionally, enabling KASAN can help detect exploitation attempts.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart