CVE-2025-38561

CVSS v3.1

8.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to the fix

Description The issue relates to a race condition within the Preauh HashValue() function of the ksmbd component in the Linux kernel. This occurs when a client sends multiple session setup requests to ksmbd. The problem stems from incorrect synchronization when a shared resource is used. The vulnerability could allow an attacker to cause a denial of service. The vulnerable function is Preauh HashValue(). The sess->Preauh HashValue variable is involved in the race condition.

Recommendations Update the Linux Kernel to the version containing the fix for this vulnerability.

Exploit

Fix

RCE

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2025-10729

CVE-2025-38561

DLA-4328-1

ECHO-49EA-B826-1527

LSN-0118-1

MGASA-2025-0234

MGASA-2025-0235

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7934-1

USN-8013-1

USN-8013-2

USN-8013-3

USN-8013-4

USN-8015-1

USN-8015-2

USN-8015-3

USN-8015-4

USN-8015-5

USN-8016-1

USN-8052-1

USN-8074-1

USN-8074-2

USN-8126-1

ZDI-25-916

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-38561

Weakness Enumeration

Related Identifiers

Affected Products

References · 1333