Skip to main content

Linux Kernel CVE-2025-38575

MEDIUM
2025-04-18 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:45 vuln.today
Patch released
Mar 17, 2026 - 20:45 nvd
Patch available
CVE Published
Apr 18, 2025 - 07:15 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: use aead_request_free to match aead_request_alloc

Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed.

AnalysisAI

A memory management vulnerability exists in the Linux kernel's ksmbd (SMB server) component where the aead_request_alloc() function is paired with kfree() instead of the proper aead_request_free() deallocation function. This vulnerability affects all Linux kernel versions with ksmbd support, particularly impacting Debian 11 systems and other distributions shipping vulnerable kernels. While the CVSS score of 5.5 indicates moderate severity with local denial-of-service potential, the EPSS score of 0.11% (30th percentile) suggests this is not actively exploited in the wild, though the vulnerability enables information disclosure through improper memory zeroing of sensitive cryptographic data.

Technical ContextAI

The vulnerability resides in the ksmbd (kernel SMB daemon) subsystem of the Linux kernel, which implements SMB/CIFS protocol support. The root cause is a resource management error (improper cleanup of cryptographic objects) where memory allocated via aead_request_alloc()—a function from the Linux crypto API used for authenticated encryption with associated data (AEAD)—is incorrectly freed using the generic kfree() function instead of the crypto-aware aead_request_free() function. The aead_request_free() function is specifically designed to properly zero sensitive cryptographic material before releasing memory, preventing potential information disclosure. This violates the principle of proper API pairing and represents a use-after-free/improper cleanup pattern. Affected products include all Linux kernel versions (cpe:2.3:o:linux:linux_kernel) and Debian GNU/Linux 11.0 (cpe:2.3:o:debian:debian_linux:11.0). The CWE classification is not explicitly provided but falls under improper resource cleanup and sensitive data exposure categories.

RemediationAI

Apply the available kernel patches from the Linux stable tree immediately using your distribution's standard update mechanism. For Debian 11 users, execute apt-get update && apt-get upgrade to incorporate the ksmbd fix referenced in the Debian LTS advisory (https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html). For other distributions, check your vendor's security advisory for patched kernel versions and apply them. If immediate patching is not possible, restrict local shell access to trusted accounts only, as this vulnerability requires local-level privileges (PR:L in CVSS vector). Kernel module loading restrictions (via modprobe blacklist or SELinux) can provide temporary containment if ksmbd is not required. Systems that do not expose SMB shares to untrusted local users face minimal real-world risk and may defer patching to a scheduled maintenance window due to the low EPSS score.

CVE-2022-0847 HIGH POC
7.8 Mar 10

Linux kernel contains a flaw known as 'Dirty Pipe' where improper pipe buffer flag initialization allows unprivileged lo

CVE-2015-1328 HIGH POC
7.8 Nov 28

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no

CVE-2017-7308 HIGH POC
7.8 Mar 29

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer

CVE-2017-16995 HIGH POC
7.8 Dec 27

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial

CVE-2017-1000112 HIGH POC
7.0 Oct 05

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. Rated high severity (CVSS 7.0). Public ex

CVE-2015-8660 MEDIUM POC
6.7 Dec 28

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr op

CVE-2012-0056 MEDIUM POC
6.9 Jan 27

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when

CVE-2014-0038 MEDIUM POC
6.9 Feb 06

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allo

CVE-2016-8655 HIGH POC
7.8 Dec 08

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau

CVE-2016-0728 HIGH POC
7.8 Feb 08

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object ref

CVE-2017-0561 CRITICAL POC
9.8 Apr 07

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary

CVE-2022-2588 MEDIUM POC
5.3 Jan 08

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the h

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed

Share

CVE-2025-38575 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy