CVE-2025-38562 – A null pointer dereference vulnerability in the... (How to Fix)

Q: What is the severity of CVE-2025-38562?

CVE-2025-38562 has a CVSS score of 5.5 (MEDIUM). A null pointer dereference vulnerability in the Linux kernel's ksmbd module could cause kernel crashes or denial of service when clients send multiple Kerberos-authenticated session setup requests. This affects systems using ksmbd (kernel SMB server) with Kerberos authentication enabled. The vulnerability has a CVSS score of 5.5 (Medium severity).

📋 TL;DR

A null pointer dereference vulnerability in the Linux kernel's ksmbd module could cause kernel crashes or denial of service when clients send multiple Kerberos-authenticated session setup requests. This affects systems using ksmbd (kernel SMB server) with Kerberos authentication enabled. The vulnerability has a CVSS score of 5.5 (Medium severity).

💻 Affected Systems

Products:

Linux kernel with ksmbd module enabled

Versions: Linux kernel versions with vulnerable ksmbd code (specific versions not specified in CVE, but patches available in stable branches)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when ksmbd module is loaded and Kerberos authentication is enabled for SMB shares. Many systems don't use ksmbd by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot the system.

🟠

Likely Case

Kernel crash or system instability affecting SMB file sharing services, causing temporary service disruption until system recovery.

🟢

If Mitigated

Minimal impact with proper monitoring and rapid recovery procedures in place; service interruption limited to minutes.

🌐 Internet-Facing: MEDIUM - Systems exposing SMB services directly to the internet could be targeted, but exploitation requires Kerberos authentication and specific conditions.

🏢 Internal Only: LOW - Requires authenticated access and specific client behavior; internal threat actors would need valid Kerberos credentials and knowledge of the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires Kerberos authentication and sending specific malformed session setup requests. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in Linux kernel stable releases (commits: 015ef163d65496ae3ba6192c96140a22743f0353, 2a30ed6428ce83afedca1a6c5c5c4247bcf12d0e, 96a82e19434a2522525baab59c33332658bc7653, 9b493ab6f35178afd8d619800df9071992f715de, 9c2dbbc959e1fcc6f603a1a843e9cf743ba383bb)

Vendor Advisory: https://git.kernel.org/stable/c/015ef163d65496ae3ba6192c96140a22743f0353

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify ksmbd module loads correctly after reboot.

🔧 Temporary Workarounds

Disable ksmbd module

Linux

Unload ksmbd kernel module if not required for your use case

sudo rmmod ksmbd
echo 'blacklist ksmbd' | sudo tee /etc/modprobe.d/ksmbd-blacklist.conf

Disable Kerberos authentication for SMB

Linux

Configure ksmbd to use only NTLM authentication instead of Kerberos

# Edit ksmbd configuration to remove Kerberos options
# Restart ksmbd service after configuration changes

🧯 If You Can't Patch

Monitor system logs for kernel panic or crash events related to ksmbd
Implement network segmentation to restrict access to SMB services

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: 'lsmod | grep ksmbd'. If loaded and using Kerberos authentication, system may be vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched releases and verify ksmbd module loads without errors in system logs.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
ksmbd crash logs in /var/log/kern.log or journalctl
SMB session setup failures with Kerberos

Network Indicators:

Multiple SMB session setup requests from same client with Kerberos authentication
Abnormal SMB traffic patterns

SIEM Query:

source="kernel" AND ("panic" OR "Oops") AND "ksmbd" OR source="ksmbd" AND "session setup" AND "krb5"

📊 Metadata

CVE ID: CVE-2025-38562

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.01% exploit probability (2.4th percentile)

Published: August 19, 2025

Last Updated: January 8, 2026

🔗 References

https://git.kernel.org/stable/c/015ef163d65496ae3ba6192c96140a22743f0353 Patch
https://git.kernel.org/stable/c/2a30ed6428ce83afedca1a6c5c5c4247bcf12d0e Patch
https://git.kernel.org/stable/c/96a82e19434a2522525baab59c33332658bc7653 Patch
https://git.kernel.org/stable/c/9b493ab6f35178afd8d619800df9071992f715de Patch
https://git.kernel.org/stable/c/9c2dbbc959e1fcc6f603a1a843e9cf743ba383bb Patch
https://git.kernel.org/stable/c/d79c8bebaa622ee223128be7c66d8aaeeb634a57 Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-917/ Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38562, you might also want to check these: