CVE-2025-38561Race Condition in Linux

CWE-362Race ConditionCWE-125Out-of-bounds Read34 documents8 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 91.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedAug 19
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition could happen. There is no need to free sess->Preauh_HashValue at session setup phase. It can be freed together with session at connection termination phase.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel5.156.1.148+4
Debianlinux/linux_kernel< 6.1.148-1+2
Ubuntulinux/linux_kernel< 6.8.0-94.96
CVEListV5linux/linux0626e6641f6b467447c81dd7678a69c66f7746cffbf5c0845ed15122a770bca9be1d9b60b470d3aa+6

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

13
OSV
linux-lowlatency, linux-xilinx vulnerabilities2026-02-20
OSV
linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency-hwe-6.8 vulnerabilities2026-02-11
OSV
linux-aws-5.15, linux-gcp-5.15, linux-nvidia-tegra-igx, linux-oracle-5.15, linux-xilinx-zynqmp vulnerabilities2026-02-11
OSV
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities2026-02-06
OSV
linux, linux-gke, linux-gkeop, linux-hwe-6.8, linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities2026-02-04

📋Vendor Advisories

20
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Kernel Live Patch Security Notice2026-03-04
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel vulnerabilities2026-02-11
CVE-2025-38561 — Race Condition in Linux | cvebase