CVE-2025-38191
Published: Jul 4, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, It can pass the user argument as NULL to destroy_previous_session. sess->user will be set in ksmbd_krb5_authenticate(). So this patch move calling destroy_previous_session() after ksmbd_krb5_authenticate().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0626e6641f6b467447c81dd7678a69c66f7746cf - < 281afc52e2961cd5dd8326ebc9c5bc40904c0468affected 0626e6641f6b467447c81dd7678a69c66f7746cf - < 0902625a24eea7fdc187faa5d97df244d159dd6eaffected 0626e6641f6b467447c81dd7678a69c66f7746cf - < 1193486dffb7432a09f57f5d09049b4d4123538baffected 0626e6641f6b467447c81dd7678a69c66f7746cf - < 076f1adefb9837977af7ed233883842ddc446644affected 0626e6641f6b467447c81dd7678a69c66f7746cf - < 7ac5b66acafcc9292fb935d7e03790f2b8b2dc0e |
Linux | Linux | affected 5.15unaffected 0 - < 5.15unaffected 6.1.142 - <= 6.1.*unaffected 6.6.95 - <= 6.6.*unaffected 6.12.35 - <= 6.12.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now