CVE-2025-38737

Published: Sep 5, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should start a fresh buffer, but the value is currently undefined.

Vendor	Product	Versions
Linux	Linux	affected `a2906d3316fc19bf0ade84618bb73eab604c447e - < 4931fe2dbe1cc0e7d350a4b51b0b330e43971d98` affected `a2906d3316fc19bf0ade84618bb73eab604c447e - < 6adaa9fae36f848afa7278945d725e197e33c496` affected `a2906d3316fc19bf0ade84618bb73eab604c447e - < 453a6d2a68e54a483d67233c6e1e24c4095ee4be`
Linux	Linux	affected `6.12` unaffected `0 - < 6.12` unaffected `6.12.44 - <= 6.12.` unaffected `6.16.4 - <= 6.16.` unaffected `6.17 - <= *`

References

https://git.kernel.org/stable/c/4931fe2dbe1cc0e7d350a4b51b0b330e43971d98

https://git.kernel.org/stable/c/6adaa9fae36f848afa7278945d725e197e33c496

https://git.kernel.org/stable/c/453a6d2a68e54a483d67233c6e1e24c4095ee4be

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-38737

Description

Affected Products

References