Null Pointer Dereference Vulnerability in Linux Kernel's ksmbd Component
CVE-2025-38562
Currently unrated
What is CVE-2025-38562?
A null pointer dereference vulnerability exists in the ksmbd component of the Linux kernel. It can be triggered when a client sends two session setups with Kerberos (krb5) authentication, which results in a null pointer dereference during the encryption key generation process and can potentially cause session handling errors. A patch addresses the issue by skipping encryption key generation for sessions that are deemed valid.
Affected Version(s)
Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 922f85e6e88fdea723a26854c3a6dcb4beb8d0b9
Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 96a82e19434a2522525baab59c33332658bc7653
Linux 0626e6641f6b467447c81dd7678a69c66f7746cf