CVE-2024-57925

7.1 HIGH

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's ksmbd SMB server module. If exploited, it could lead to kernel crashes or potential privilege escalation. Systems running affected Linux kernel versions with ksmbd enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with the vulnerable ksmbd code (check git commits for exact ranges)
Operating Systems: Linux distributions with ksmbd support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ksmbd module is loaded and SMB server is running. Many distributions don't enable ksmbd by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel mode if combined with other vulnerabilities.

🟠 Likely Case

Denial of service through kernel crash when processing malformed SMB requests.

🟢 If Mitigated

No impact if ksmbd module is not loaded or properly firewalled.

🌐 Internet-Facing: MEDIUM - SMB servers exposed to untrusted networks could be targeted.
🏢 Internal Only: LOW - Requires internal attacker with network access to SMB service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to send SMB requests to the vulnerable service. No public exploit available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (271ae0edbfc942795c162e6cf20d2bc02bd7fde4 and related)

Vendor Advisory: https://git.kernel.org/stable/c/271ae0edbfc942795c162e6cf20d2bc02bd7fde4

Restart Required: Yes

Instructions:

1. Update to patched kernel version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify ksmbd module loads correctly if needed.

🔧 Temporary Workarounds

Disable ksmbd module

all

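Unload the ksmbd module if it is not required. The blacklist entry stops alias-based automatic loading; an explicit modprobe ksmbd still loads the module.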

sudo modprobe -r ksmbd
echo 'blacklist ksmbd' | sudo tee /etc/modprobe.d/ksmbd-blacklist.conf

Block SMB ports

all

Firewall SMB ports (445/tcp, 139/tcp)

sudo iptables -A INPUT -p tcp --dport 445 -j DROP
sudo iptables -A INPUT -p tcp --dport 139 -j DROP

🧯 If You Can't Patch

  • Disable ksmbd module if not essential for operations
  • Implement strict network segmentation and firewall rules to limit SMB access

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify running kernel version includes fix commits. Check dmesg for ksmbd-related crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in dmesg/syslog
  • ksmbd crash logs
  • SMB connection attempts followed by system instability

Network Indicators:

  • Unusual SMB traffic patterns to port 445
  • Multiple failed SMB connections

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "ksmbd")
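
The query above also matches routine ksmbd log lines and crashes in unrelated modules. As an added example (not part of the advisory), the filter below reports a crash only when its trace contains frames tagged [ksmbd]; the 25-line window and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report kernel crashes whose trace
# contains frames tagged [ksmbd]. Reads kernel log text on stdin.
# $1 = max lines to inspect after a crash marker (assumed default: 25).
ksmbd_crash_events() {
    awk -v window="${1:-25}" '
        # A crash marker opens an event unless one is already open.
        /BUG: kernel NULL pointer dereference|Oops: |Kernel panic/ {
            if (left <= 0) { start = $0; hit = 0; left = window }
        }
        left > 0 {
            # The kernel tags module symbols in RIP/Call Trace lines as [module].
            if (!hit && /\[ksmbd\]/) { hit = 1; print "ksmbd-crash: " start }
            left--
            # The end-of-trace marker closes the event early.
            if (/---\[ end trace/) left = 0
        }
    '
}

# Constructed sample log: function names, addresses and timestamps are made up.
sample_log() {
    cat <<'EOF'
[  100.000001] ksmbd: constructed informational line
[  200.000001] Oops: 0000 [#1] PREEMPT SMP
[  200.000002] RIP: 0010:other_fn+0x10/0x40 [othermod]
[  200.000003] ---[ end trace 0000000000000000 ]---
[  300.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  300.000002] Oops: 0000 [#2] PREEMPT SMP
[  300.000003] RIP: 0010:example_fn+0x10/0x40 [ksmbd]
[  300.000004]  example_caller+0x20/0x80 [ksmbd]
[  300.000005] ---[ end trace 0000000000000000 ]---
EOF
}

# Live use: dmesg | ksmbd_crash_events   or   journalctl -k | ksmbd_crash_events
sample_log | ksmbd_crash_events
```
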
