-

CVE-2025-38191

EPSS 0.04%
Veröffentlicht 04.07.2025 13:37:15
Zuletzt bearbeitet 09.08.2025 15:15:28
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix null pointer dereference in destroy_previous_session

If client set ->PreviousSessionId on kerberos session setup stage,
NULL pointer dereference error will happen. Since sess->user is not
set yet, It can pass the user argument as NULL to destroy_previous_session.
sess->user will be set in ksmbd_krb5_authenticate(). So this patch move
calling destroy_previous_session() after ksmbd_krb5_authenticate().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 281afc52e2961cd5dd8326ebc9c5bc40904c0468

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < 0902625a24eea7fdc187faa5d97df244d159dd6e

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < 1193486dffb7432a09f57f5d09049b4d4123538b

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < 076f1adefb9837977af7ed233883842ddc446644

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < 7ac5b66acafcc9292fb935d7e03790f2b8b2dc0e

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.142

Status unaffected

Version <= 6.6.*

Version 6.6.95

Status unaffected

Version <= 6.12.*

Version 6.12.35

Status unaffected

Version <= 6.15.*

Version 6.15.4

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/281afc52e2961cd5dd8326ebc9c5bc40904c0468

https://git.kernel.org/stable/c/0902625a24eea7fdc187faa5d97df244d159dd6e

https://git.kernel.org/stable/c/1193486dffb7432a09f57f5d09049b4d4123538b

https://git.kernel.org/stable/c/076f1adefb9837977af7ed233883842ddc446644

https://git.kernel.org/stable/c/7ac5b66acafcc9292fb935d7e03790f2b8b2dc0e

https://www.zerodayinitiative.com/advisories/ZDI-25-610/

https://nvd.nist.gov/vuln/detail/CVE-2025-38191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38191

EUVD