CVE-2025-38737

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue in the CIFS implementation where the smb3 init transform rq() function does not initialize a buffer to NULL before calling netfs alloc folioq buffer(). This can lead to an oops condition because netfs expects to append to a valid buffer, but the value is undefined.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-120

Related Identifiers

ALSA-2025:22854

BDU:2025-15191

CVE-2025-38737

DSA-6008-1

RHSA-2025:22854

RHSA-2025:23009

Affected Products

Astra Linux

Linux Kernel

Red Os

CVE-2025-38737

Weakness Enumeration

Related Identifiers

Affected Products

References · 47