CVE-2025-38575

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38575
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38575.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38575
Downstream
Published
2025-04-18T07:01:33.904Z
Modified
2026-05-15T04:13:37.664763345Z
Summary
ksmbd: use aead_request_free to match aead_request_alloc
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: use aeadrequestfree to match aeadrequestalloc

Use aeadrequestfree() instead of kfree() to properly free memory allocated by aeadrequestalloc(). This ensures sensitive crypto data is zeroed before being freed.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38575.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.180
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.134
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.87
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.23
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.11
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38575.json"