VYPR
Medium severity5.5NVD Advisory· Published Aug 19, 2025· Updated Apr 18, 2026

CVE-2025-38562

CVE-2025-38562

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix null pointer dereference error in generate_encryptionkey

If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryptionkey could happen. sess->Preauth_HashValue is set to NULL if session is valid. So this patch skip generate encryption key if session is valid.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel2 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.15,<6.1.148
    • (no CPE)

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.