CVE-2025-38728

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's SMB3 implementation related to handling server interfaces during mounting to ksmbd. Specifically, a missing check in the parse server interfaces() function can lead to a slab out-of-bounds read when Kernel Address Sanitizer (KASAN) is enabled. This issue occurs during the mount process to ksmbd. The vulnerability is triggered when parsing server interfaces.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

AZL-66875

AZL-73845

BDU:2025-15745

CVE-2025-38728

DLA-4328-1

DSA-6009-1

ECHO-EF08-08AB-0264

MGASA-2025-0234

MGASA-2025-0235

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

OESA-2026-1341

OPENSUSE-SU-2025:20172-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:0316-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

Ksmbd

CVE-2025-38728

Weakness Enumeration

Related Identifiers

Affected Products

References · 3227