CVE-2025-22037

MEDIUM

Linux kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/cce57cd8c5dead24127cf2308fdd60fcad2d6ba6

Patch

https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad

Patch

https://git.kernel.org/stable/c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d

Patch

https://git.kernel.org/stable/c/b8eb243e670ecf30e91524dd12f7260dac07d335

Patch

https://git.kernel.org/stable/c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-25-310/

Scores

CVSS v3 5.5

EPSS 0.2328

EPSS Percentile 97.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (17)

linux/Kernel 5.15.0 - 6.6.107linux

linux/Kernel 6.13.0 - 6.13.11linux

linux/Kernel 6.14.0 - 6.14.2linux

linux/Kernel 6.7.0 - 6.12.23linux

Linux/Linux < 5.15

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - b8eb243e670ecf30e91524dd12f7260dac07d335

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - cce57cd8c5dead24127cf2308fdd60fcad2d6ba6

... and 7 more

Published Apr 16, 2025

Tracked Since Feb 18, 2026