Null Pointer Dereference in Linux Kernel SMB Client Component
CVE-2025-38208

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38208?

A vulnerability exists in the Linux kernel's SMB client component, where a null pointer dereference could occur due to a missing check when tcon->origin_fullpath is set. This oversight can potentially lead to application crashes or unexpected behavior. Addressing this issue requires a patch that incorporates a null check, thereby enhancing the robustness of the SMB client functionality.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 37166d63e42c34846a16001950ecec96229a8d17

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/37166d63e42c34846a1600195...

https://git.kernel.org/stable/c/a9e916fa5c7d0ec2256aa44aa...

https://git.kernel.org/stable/c/cce8e71ca1f7ad9045707f0d2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025