CVE-2025-38501: Uncontrolled Resource Consumption in Linux

Severity
7.5 HIGH (NVD)
EPSS
0.0%
top 85.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 16
Latest update: Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: limit repeated connections from clients with the same IP

Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limits repeated connections from clients with the same IP.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: linux/linux_kernel 5.15 6.1.148 (+4)
Debian: linux/linux_kernel < 6.1.148-1 (+2)
CVEListV5: linux/linux 0626e6641f6b467447c81dd7678a69c66f7746cf cb092fc3a62972a4aa47c9fe356c2c6a01cd840b (+6)

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-54w6-m43p-jffg: In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connect (2025-08-16)
CVEList
ksmbd: limit repeated connections from clients with the same IP (2025-08-16)
OSV
CVE-2025-38501: In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connectio (2025-08-16)

📋 Vendor Advisories (22)

Ubuntu
Linux kernel (Azure) vulnerabilities (2026-03-25)
Ubuntu
Linux kernel (Azure) vulnerabilities (2026-03-04)
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities (2026-03-04)
Ubuntu
Linux kernel (Xilinx) vulnerabilities (2026-02-24)
Ubuntu
Linux kernel (IBM) vulnerabilities (2026-02-24)