CVE-2025-38561

4.7 MEDIUM

📋 TL;DR

A race condition vulnerability exists in the Linux kernel's ksmbd (SMB server) component where multiple concurrent session setup requests could cause improper handling of Preauth_HashValue memory. This could lead to memory corruption or crashes affecting systems running vulnerable Linux kernel versions with ksmbd enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with vulnerable ksmbd commits (check git references for exact ranges)
Operating Systems: Linux distributions with ksmbd support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ksmbd module is loaded and SMB server functionality is enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Memory corruption leading to kernel panic, denial of service, or potential privilege escalation if combined with other vulnerabilities.

🟠 Likely Case

Denial of service through kernel crashes or system instability when handling multiple SMB session setup requests.

🟢 If Mitigated

Minimal impact with proper network segmentation and limited SMB exposure.

🌐 Internet-Facing: MEDIUM - SMB servers exposed to the internet could be targeted for DoS attacks.
🏢 Internal Only: LOW - Requires authenticated SMB access and specific timing conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to send multiple concurrent SMB session setup requests with precise timing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits referenced in the CVE

Vendor Advisory: https://git.kernel.org/stable/c/44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Rebuild kernel if compiling from source.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable ksmbd module

Linux

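Prevent loading of the vulnerable ksmbd kernel module. A blacklist entry only stops automatic loading through module aliases; loading the module explicitly by name still works. rmmod fails while the module is in use, so stop the SMB server first.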

echo 'blacklist ksmbd' >> /etc/modprobe.d/blacklist-ksmbd.conf
rmmod ksmbd

Restrict SMB access

Linux

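Limit SMB connections using firewall rules. These rules are appended to the INPUT chain, so an earlier rule that accepts the traffic takes precedence over them.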

iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p tcp --dport 139 -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate SMB servers
  • Monitor for abnormal SMB session setup patterns

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel contains the fix commits: run uname -r and check the result against patched versions
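
The verification steps above combined into one script, added here as an example and not part of the original advisory: it classifies a host from the text of `lsmod` and `ss -Hltn`. The function names, the three status labels and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host's ksmbd exposure.
# Inputs are the text of `lsmod` and `ss -Hltn`; the samples below are constructed.

# Succeeds only if a module named exactly "ksmbd" is listed (column 1 of lsmod).
ksmbd_loaded() {
    printf '%s\n' "$1" | awk '$1 == "ksmbd" { found = 1 } END { exit !found }'
}

# Prints local addresses listening on TCP 445 or 139.
# In `ss -ltn` output column 1 is the state and column 4 is Local Address:Port.
smb_listeners() {
    printf '%s\n' "$1" | awk '$1 == "LISTEN" && $4 ~ /:(445|139)$/ { print $4 }'
}

# Heuristic classification; a listener on 445 may also belong to userspace Samba.
#   not-loaded  module absent, so the ksmbd session setup path is not reachable
#   loaded-idle module present, nothing listening on the SMB ports
#   exposed     module present and an SMB port is accepting connections
ksmbd_exposure() {
    if ! ksmbd_loaded "$1"; then
        echo not-loaded
    elif [ -z "$(smb_listeners "$2")" ]; then
        echo loaded-idle
    else
        echo exposed
    fi
}

# Constructed sample inputs.
SAMPLE_LSMOD='Module                  Size  Used by
ksmbd                 512000  0
cifs_arc4              12288  1 ksmbd'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 64 [::]:445 [::]:*'

if [ "${1:-}" = "--live" ]; then
    ksmbd_exposure "$(lsmod)" "$(ss -Hltn)"   # run against this host
else
    ksmbd_exposure "$SAMPLE_LSMOD" "$SAMPLE_SS"
fi
```

Run it with `--live` on the host being triaged; a result of `exposed` means the patch or one of the workarounds above still needs to be applied.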

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • ksmbd crash messages in dmesg
  • Multiple failed SMB session attempts

Network Indicators:

  • Unusual volume of SMB session setup requests
  • Multiple concurrent SMB connections from single source

SIEM Query:

source="kernel" AND "ksmbd" AND ("panic" OR "crash" OR "BUG")
