CVE-2025-38562
- Source
- https://cve.org/CVERecord?id=CVE-2025-38562
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38562.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38562
- Downstream
- Published
- 2025-08-19T17:02:39.450Z
- Modified
- 2026-05-07T04:16:50.384244Z
- Summary
- ksmbd: fix null pointer dereference error in generate_encryptionkey
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix null pointer dereference error in generate_encryptionkey
If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess->PreauthHashValue is set to NULL if session is valid. So this patch skip generate encryption key if session is valid.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38562.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/015ef163d65496ae3ba6192c96140a22743f0353
- https://git.kernel.org/stable/c/2a30ed6428ce83afedca1a6c5c5c4247bcf12d0e
- https://git.kernel.org/stable/c/922f85e6e88fdea723a26854c3a6dcb4beb8d0b9
- https://git.kernel.org/stable/c/96a82e19434a2522525baab59c33332658bc7653
- https://git.kernel.org/stable/c/9b493ab6f35178afd8d619800df9071992f715de
- https://git.kernel.org/stable/c/9c2dbbc959e1fcc6f603a1a843e9cf743ba383bb
- https://git.kernel.org/stable/c/d79c8bebaa622ee223128be7c66d8aaeeb634a57
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38562.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38562
- https://www.zerodayinitiative.com/advisories/ZDI-25-917/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixed922f85e6e88fdea723a26854c3a6dcb4beb8d0b9Fixed96a82e19434a2522525baab59c33332658bc7653Fixedd79c8bebaa622ee223128be7c66d8aaeeb634a57Fixed2a30ed6428ce83afedca1a6c5c5c4247bcf12d0eFixed015ef163d65496ae3ba6192c96140a22743f0353Fixed9c2dbbc959e1fcc6f603a1a843e9cf743ba383bbFixed9b493ab6f35178afd8d619800df9071992f715de
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced5.15.0Fixed5.15.203
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.148
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.102
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.42
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.15.10
- Type
- ECOSYSTEM
- Events
-
Introduced6.16.0Fixed6.16.1