PT-2025-31084 · Linux+5 · Linux Kernel+5

Published

2025-07-05

·

Updated

2026-05-26

·

CVE-2025-38488

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free condition exists in the SMB client within the Linux kernel's crypt message() function when asynchronous cryptography is utilized. The initial fix for CVE-2024-50047 removed asynchronous crypto handling, assuming all crypto operations were synchronous. However, hardware crypto accelerators can still trigger asynchronous operations, leading to the premature freeing of the request buffer while the operation is still in progress. Subsequently, accessing this freed memory results in kernel crashes due to NULL pointer dereferences. The issue arises because crypto alloc aead() with a mask of 0 does not guarantee synchronous operation, and asynchronous implementations can be selected even without CRYPTO ALG ASYNC in the mask.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

NULL Pointer Dereference

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-825CWE-404CWE-476CWE-416

Related Identifiers

AZL-73458
BDU:2025-10805
CVE-2025-38488
DLA-4327-1
DLA-4328-1
DSA-5973-1
DSA-5975-1
ECHO-674E-420E-FE7A
LSN-0118-1
MGASA-2025-0218
MGASA-2025-0219
OESA-2026-2416
OESA-2026-2417
OESA-2026-2418
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03613-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03626-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2026:0939-1
SUSE-SU-2026:0940-1
SUSE-SU-2026:0941-1
SUSE-SU-2026:0951-1
SUSE-SU-2026:0953-1
SUSE-SU-2026:0954-1
SUSE-SU-2026:0958-1
SUSE-SU-2026:0983-1
SUSE-SU-2026:0985-1
SUSE-SU-2026:0992-1
SUSE-SU-2026:1000-1
SUSE-SU-2026:1002-1
SUSE-SU-2026:1039-1
SUSE-SU-2026:1044-1
SUSE-SU-2026:1046-1
SUSE-SU-2026:1049-1
SUSE-SU-2026:1073-1
SUSE-SU-2026:1083-1
SUSE-SU-2026:1088-1
SUSE-SU-2026:1089-1
SUSE-SU-2026:1096-1
SUSE-SU-2026:1101-1
SUSE-SU-2026:1125-1
SUSE-SU-2026:1132-1
SUSE-SU-2026:20831-1
SUSE-SU-2026:20841-1
SUSE-SU-2026:20847-1
SUSE-SU-2026:20848-1
SUSE-SU-2026:20849-1
SUSE-SU-2026:20850-1
SUSE-SU-2026:20851-1
SUSE-SU-2026:20852-1
SUSE-SU-2026:20853-1
SUSE-SU-2026:20854-1
SUSE-SU-2026:20857-1
SUSE-SU-2026:20858-1
SUSE-SU-2026:20859-1
SUSE-SU-2026:20860-1
SUSE-SU-2026:20861-1
SUSE-SU-2026:20862-1
SUSE-SU-2026:20863-1
SUSE-SU-2026:20880-1
SUSE-SU-2026:20881-1
SUSE-SU-2026:20882-1
SUSE-SU-2026:20883-1
SUSE-SU-2026:20884-1
SUSE-SU-2026:20885-1
SUSE-SU-2026:20886-1
SUSE-SU-2026:20891-1
SUSE-SU-2026:20892-1
SUSE-SU-2026:20893-1
SUSE-SU-2026:20894-1
SUSE-SU-2026:20895-1
SUSE-SU-2026:20896-1
SUSE-SU-2026:20897-1
SUSE-SU-2026:20898-1
SUSE-SU-2026:20946-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7934-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu