CVE-2025-38523

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The handling of received data in the smbdirect client code uses copy to iter() to copy data from the smbd response struct's packet trailer to a folioq buffer. When CONFIG HARDENED USERCOPY=y, this can cause checks in copy to iter() to fail, resulting in a kernel BUG. The issue occurs because the smbd response slab's packet field is not marked as permitted for usercopy. The fix involves modifying kmem slab create() to allow copy to iter() from the packet region of the smbd response slab objects.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1188

Related Identifiers

ALSA-2025:16904

BDU:2025-15164

CVE-2025-38523

USN-7833-1

USN-7833-2

USN-7833-3

USN-7833-4

USN-7834-1

USN-7856-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-38523

Weakness Enumeration

Related Identifiers

Affected Products

References · 230