CVE-2025-38562 in Linux
Summary
by MITRE • 08/19/2025
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix null pointer dereference error in generate_encryptionkey
If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryptionkey could happen. sess->Preauth_HashValue is set to NULL if session is valid. So this patch skip generate encryption key if session is valid.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 01/09/2026
The vulnerability CVE-2025-38562 affects the Linux kernel's ksmbd implementation, which provides SMB/CIFS file sharing capabilities for Linux systems. This issue represents a null pointer dereference condition that occurs during the authentication process when handling Kerberos 5 authentication requests. The flaw manifests specifically when a client sends two consecutive session setup requests using Kerberos 5 authentication mechanisms, creating a scenario where the system attempts to dereference a null pointer in the encryption key generation routine.
The technical root cause lies in the improper handling of session state management within the ksmbd subsystem. When a valid session is established, the Preauth_HashValue member of the session structure gets set to NULL as part of the authentication validation process. However, the generate_encryptionkey function does not properly check for this null state before attempting to process the encryption key generation. This oversight creates a path where the system attempts to access memory locations that have been explicitly set to NULL, leading to a kernel panic or system crash.
The operational impact of this vulnerability extends beyond simple service disruption, as it represents a potential denial of service condition that could be exploited by malicious actors. Attackers could repeatedly send malformed session setup requests to trigger the null pointer dereference, causing the ksmbd service to crash and potentially affecting file sharing capabilities for legitimate users. The vulnerability affects systems running Linux kernels with ksmbd support, particularly those serving SMB/CIFS shares that utilize Kerberos 5 authentication methods, making it relevant to enterprise environments that rely on secure file sharing protocols.
This vulnerability aligns with CWE-476, which describes null pointer dereference conditions in software implementations, and demonstrates a classic example of improper null pointer validation in kernel space code. The ATT&CK framework categorizes this issue under privilege escalation and denial of service techniques, as it can be leveraged to disrupt system services or potentially create opportunities for further exploitation. The fix implemented in this patch addresses the issue by adding a conditional check that skips encryption key generation when a session is already validated and the Preauth_HashValue is NULL, effectively preventing the null pointer dereference from occurring. Organizations should prioritize applying this patch to maintain system stability and prevent potential exploitation of this denial of service vulnerability in their SMB/CIFS environments.