Vulnerability in Linux Kernel's ksmbd Component
CVE-2025-38092

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 2 July 2025

What is CVE-2025-38092?

A vulnerability exists in the Linux kernel related to the ksmbd component, where the macro list_first_entry() fails to return NULL when the list is empty. Instead, it may return an invalid pointer, which can lead to security issues during operations that depend on list traversal. The resolution involves using list_first_entry_or_null() to properly validate the list state before accessing its elements, ensuring that any empty lists are handled safely.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 334da674b25fdb7a1a4d4b89dcd7795144fc7e11

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/c78abb646ff823e7d22faad4c...

https://git.kernel.org/stable/c/334da674b25fdb7a1a4d4b89d...

https://git.kernel.org/stable/c/cb7e06e9736d73007dc8dab7b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2025
Vulnerability Reserved
Apr 16, 2025