VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Aug 19, 2025· Updated Apr 18, 2026

CVE-2025-38562

CVE-2025-38562

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix null pointer dereference error in generate_encryptionkey

If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryptionkey could happen. sess->Preauth_HashValue is set to NULL if session is valid. So this patch skip generate encryption key if session is valid.

Affected products

2
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=5.15,<6.1.148

Patches

6
96a82e19434a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
d79c8bebaa62
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
2a30ed6428ce
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
015ef163d654
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
9c2dbbc959e1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
9b493ab6f351
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.