CVE-2025-38561

CVSS v3.1

8.5

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to the fix

Description The issue relates to a race condition within the

Preauh HashValue()

function of the ksmbd component in the Linux kernel. This occurs when a client sends multiple session setup requests to ksmbd. The problem stems from incorrect synchronization when a shared resource is used. The vulnerability could allow an attacker to cause a denial of service. The vulnerable function is

Preauh HashValue()

. The

sess->Preauh HashValue

variable is involved in the race condition.

Recommendations Update the Linux Kernel to the version containing the fix for this vulnerability.

Exploit

Fix

RCE

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2025-10729

CVE-2025-38561

DLA-4328-1

ECHO-49EA-B826-1527

MGASA-2025-0234

MGASA-2025-0235

ZDI-25-916

Affected Products

Astra Linux

Debian

Linux Kernel

CVE-2025-38561

Weakness Enumeration

Related Identifiers

Affected Products

References · 761