8.5

CVE-2025-38561

ksmbd: fix Preauh_HashValue race condition

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix Preauh_HashValue race condition

If client send multiple session setup requests to ksmbd,
Preauh_HashValue race condition could happen.
There is no need to free sess->Preauh_HashValue at session setup phase.
It can be freed together with session at connection termination phase.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 6.1.148
LinuxLinux Kernel Version >= 6.2 < 6.6.102
LinuxLinux Kernel Version >= 6.7 < 6.12.42
LinuxLinux Kernel Version >= 6.13 < 6.15.10
LinuxLinux Kernel Version >= 6.16 < 6.16.1
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.307
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.5 1.8 6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6
Patch
https://git.kernel.org/stable/c/6613887da1d18dd2ecfd6c6148a873c4d903ebdc
Patch
https://git.kernel.org/stable/c/7d7c0c5304c88bcbd7a85e9bcd61d27e998ba5fc
Patch
https://git.kernel.org/stable/c/b69fd87076daa66f3d186bd421a7b0ee0cb45829
Patch
https://git.kernel.org/stable/c/edeecc7871e8fc0878d53ce286c75040a0e38f6c
Patch
https://git.kernel.org/stable/c/fbf5c0845ed15122a770bca9be1d9b60b470d3aa
Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-916/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory