CVE-2025-22037
published 2025-04-16CVE-2025-22037: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2…
PriorityP336medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
EPSS
23.28%
97.5th percentile
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix null pointer dereference in alloc_preauth_hash()
The Client send malformed smb2 negotiate request. ksmbd return error
response. Subsequently, the client can send smb2 session setup even
thought conn->preauth_info is not allocated.
This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore
session setup request if smb2 negotiate phase is not complete.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.12.25-1 (forky) | linux 6.12.25-1 (forky) |
| linux | linux | — | — |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < cce57cd8c5dead24127cf2308fdd60fcad2d6ba6 | cce57cd8c5dead24127cf2308fdd60fcad2d6ba6 |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad | ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d | 8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < b8eb243e670ecf30e91524dd12f7260dac07d335 | b8eb243e670ecf30e91524dd12f7260dac07d335 |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780 | c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780 |
| linux | linux_kernel | < 6.12.23 | 6.12.23 |
| linux | linux_kernel | >= 0 < 6.12.25-1 | 6.12.25-1 |
| linux | linux_kernel | >= 0 < 6.12.25-1 | 6.12.25-1 |
| linux | linux_kernel | >= 0 < 6.8.0-101.101 | 6.8.0-101.101 |
| linux | linux_kernel | >= 0 < 6.14.0-22.22 | 6.14.0-22.22 |
| linux | linux_kernel | >= 6.13 < 6.13.11 | 6.13.11 |
| linux | linux_kernel | >= 6.14 < 6.14.2 | 6.14.2 |
| msrc | azl3_kernel_6.6.92.2-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.182.1-1_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.9MEDIUM
vendor_ubuntu5.9MEDIUM
vendor_debian5.5MEDIUM
vendor_msrc5.5MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-azure-6.8 vulnerabilities
osv·2026-03-25·CVSS 3.2
[LOW] linux-azure-6.8 vulnerabilities
linux-azure-6.8 vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores,
OSV
linux-azure vulnerabilities
osv·2026-03-25
linux-azure vulnerabilities
linux-azure vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- Nios II architecture;
- PA-RISC architecture;
- RISC-V architecture;
- S390 architecture;
- Sun Sparc architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Xtensa arch
OSV
linux-azure-fips vulnerabilities
osv·2026-03-24·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux-azure-fips vulnerabilities
linux-azure-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities
osv·2026-03-10·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities
linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux-aws-fips vulnerabilities
osv·2026-03-04·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux-aws-fips vulnerabilities
linux-aws-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux-aws, linux-aws-6.8, linux-ibm, linux-ibm-6.8, linux-xilinx vulnerabilities
osv·2026-02-26·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux-aws, linux-aws-6.8, linux-ibm, linux-ibm-6.8, linux-xilinx vulnerabilities
linux-aws, linux-aws-6.8, linux-ibm, linux-ibm-6.8, linux-xilinx vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux-gcp, linux-gcp-6.8, linux-gke, linux-oracle-6.8 vulnerabilities
osv·2026-02-25·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux-gcp, linux-gcp-6.8, linux-gke, linux-oracle-6.8 vulnerabilities
linux-gcp, linux-gcp-6.8, linux-gke, linux-oracle-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux-fips, linux-gcp-fips vulnerabilities
osv·2026-02-25·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux-fips, linux-gcp-fips vulnerabilities
linux-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux-realtime, linux-realtime-6.8 vulnerabilities
osv·2026-02-25·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux-realtime, linux-realtime-6.8 vulnerabilities
linux-realtime, linux-realtime-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux-raspi-realtime vulnerabilities
osv·2026-02-24·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux-raspi-realtime vulnerabilities
linux-raspi-realtime vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-raspi vulnerabilities
osv·2026-02-24·CVSS 5.5
CVE-2025-22037 [MEDIUM] linux, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-raspi vulnerabilities
linux, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
OSV
linux-azure, linux-azure-6.11 vulnerabilities
osv·2025-07-08·CVSS 5.9
CVE-2025-2312 [MEDIUM] linux-azure, linux-azure-6.11 vulnerabilities
linux-azure, linux-azure-6.11 vulnerabilities
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drivers;
- DMA engine subsystem;
- DPLL subsystem;
- Qualcomm firmware driv
OSV
linux-aws, linux-oracle vulnerabilities
osv·2025-07-08
linux-aws, linux-oracle vulnerabilities
linux-aws, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Ublk userspace block driver;
- Bluetooth drivers;
- Bus devices;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- GPU drivers;
- HID subsystem;
- HSI subsystem;
- I2C subsystem;
OSV
linux-lowlatency, linux-lowlatency-hwe-6.11 vulnerabilities
osv·2025-07-04·CVSS 5.9
CVE-2025-2312 [MEDIUM] linux-lowlatency, linux-lowlatency-hwe-6.11 vulnerabilities
linux-lowlatency, linux-lowlatency-hwe-6.11 vulnerabilities
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drivers;
- DMA engine subsystem;
- DPLL subsystem;
- Qualcomm
OSV
linux-oem-6.11 vulnerabilities
osv·2025-06-30·CVSS 5.9
CVE-2025-2312 [MEDIUM] linux-oem-6.11 vulnerabilities
linux-oem-6.11 vulnerabilities
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drivers;
- DMA engine subsystem;
- DPLL subsystem;
- Qualcomm firmware drivers;
- GPIO sub
OSV
linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities
osv·2025-06-30·CVSS 5.9
CVE-2025-2312 [MEDIUM] linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities
linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and dr
OSV
linux-azure vulnerabilities
osv·2025-06-26
linux-azure vulnerabilities
linux-azure vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Ublk userspace block driver;
- Bluetooth drivers;
- Bus devices;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- GPU drivers;
- HID subsystem;
- HSI subsystem;
- I2C subsystem;
- I3C subsys
OSV
linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities
osv·2025-06-24
linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities
linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Ublk userspace block driver;
- Bluetooth drivers;
- Bus devices;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- GPU drivers;
- HID subsystem;
- HSI subsys
GHSA
GHSA-gvg4-xh6r-ggrp: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix null pointer dereference in alloc_preauth_hash()
The Client send malf
ghsa_unreviewed·2025-04-16
CVE-2025-22037 [MEDIUM] CWE-476 GHSA-gvg4-xh6r-ggrp: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix null pointer dereference in alloc_preauth_hash()
The Client send malf
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix null pointer dereference in alloc_preauth_hash()
The Client send malformed smb2 negotiate request. ksmbd return error
response. Subsequently, the client can send smb2 session setup even
thought conn->preauth_info is not allocated.
This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore
session setup request if smb2 negotiate phase is not complete.
OSV
CVE-2025-22037: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malfor
osv·2025-04-16·CVSS 5.5
CVE-2025-22037 [MEDIUM] CVE-2025-22037: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malfor
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2026-03-25·CVSS 3.2
CVE-2025-40068 [LOW] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2026-03-25
CVE-2025-40245 Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- Nios II architecture;
- PA-RISC architecture;
- RISC-V architecture;
- S390 architecture;
-
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities
vendor_ubuntu·2026-03-24·CVSS 5.5
CVE-2025-22037 [MEDIUM] Linux kernel (Azure FIPS) vulnerabilities
Title: Linux kernel (Azure FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtua
Ubuntu
Linux kernel (NVIDIA) vulnerabilities
vendor_ubuntu·2026-03-10·CVSS 5.5
CVE-2025-37899 [MEDIUM] Linux kernel (NVIDIA) vulnerabilities
Title: Linux kernel (NVIDIA) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
l
Ubuntu
Linux kernel (AWS FIPS) vulnerabilities
vendor_ubuntu·2026-03-04·CVSS 5.5
CVE-2025-22037 [MEDIUM] Linux kernel (AWS FIPS) vulnerabilities
Title: Linux kernel (AWS FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-02-26·CVSS 5.5
CVE-2025-37899 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powe
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2026-02-25·CVSS 5.5
CVE-2025-37899 [MEDIUM] Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
lin
Ubuntu
Linux kernel (Real-time) vulnerabilities
vendor_ubuntu·2026-02-25·CVSS 5.5
CVE-2025-37899 [MEDIUM] Linux kernel (Real-time) vulnerabilities
Title: Linux kernel (Real-time) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-02-25·CVSS 5.5
CVE-2025-22037 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powe
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities
vendor_ubuntu·2026-02-24·CVSS 5.5
CVE-2025-22037 [MEDIUM] Linux kernel (Raspberry Pi Real-time) vulnerabilities
Title: Linux kernel (Raspberry Pi Real-time) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE,
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2025-07-08·CVSS 5.9
CVE-2025-22095 [MEDIUM] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-07-08
CVE-2025-23150 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Ublk userspace block driver;
- Bluetooth drivers;
- Bus devices;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- GP
Ubuntu
Linux kernel (Low Latency) vulnerabilities
vendor_ubuntu·2025-07-04·CVSS 5.9
CVE-2025-22080 [MEDIUM] Linux kernel (Low Latency) vulnerabilities
Title: Linux kernel (Low Latency) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drive
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-06-30·CVSS 5.9
CVE-2025-22080 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drivers;
- DMA engi
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2025-06-30·CVSS 5.9
CVE-2025-22070 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drivers;
- DM
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2025-06-26
CVE-2025-23131 Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Ublk userspace block driver;
- Bluetooth drivers;
- Bus devices;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsyst
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-06-24
CVE-2025-23152 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Ublk userspace block driver;
- Bluetooth drivers;
- Bus devices;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- GP
Red Hat
kernel: ksmbd: fix null pointer dereference in alloc_preauth_hash()
vendor_redhat·2025-04-16·CVSS 5.5
CVE-2025-22037 [MEDIUM] CWE-476 kernel: ksmbd: fix null pointer dereference in alloc_preauth_hash()
kernel: ksmbd: fix null pointer dereference in alloc_preauth_hash()
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix null pointer dereference in alloc_preauth_hash()
The Client send malformed smb2 negotiate request. ksmbd return error
response. Subsequently, the client can send smb2 session setup even
thought conn->preauth_info is not allocated.
This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore
session setup request if smb2 negotiate phase is not complete.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux
Microsoft
ksmbd: fix null pointer dereference in alloc_preauth_hash()
vendor_msrc·2025-04-08·CVSS 5.5
CVE-2025-22037 [MEDIUM] CWE-476 ksmbd: fix null pointer dereference in alloc_preauth_hash()
ksmbd: fix null pointer dereference in alloc_preauth_hash()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Debian
CVE-2025-22037: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix ...
vendor_debian·2025·CVSS 5.5
CVE-2025-22037 [MEDIUM] CVE-2025-22037: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix ...
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.
Scope: local
bookworm: open
bullseye: resolved
forky: resolved (fixed in 6.12.25-1)
sid: resolved (fixed in 6.12.25-1)
trixie: resolved (fixed in 6.12.25-1)
No detection rules found.
No public exploits indexed.
https://git.kernel.org/stable/c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4dhttps://git.kernel.org/stable/c/b8eb243e670ecf30e91524dd12f7260dac07d335https://git.kernel.org/stable/c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5adhttps://git.kernel.org/stable/c/cce57cd8c5dead24127cf2308fdd60fcad2d6ba6https://www.zerodayinitiative.com/advisories/ZDI-25-310/
2025-04-16
Published