CVE-2025-38092

MEDIUM

Linux Kernel 6.6.88-6.6.92, 6.12.25-6.12.31, 6.14.4-6.14.9 - NULL Pointer Dereference in ksmbd opinfo_get_list()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns NULL. If the list is empty then it returns an invalid pointer. Use list_first_entry_or_null() to check if the list is empty.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/c78abb646ff823e7d22faad4cc0703d4484da9e8

Patch

https://git.kernel.org/stable/c/334da674b25fdb7a1a4d4b89dcd7795144fc7e11

Patch

https://git.kernel.org/stable/c/cb7e06e9736d73007dc8dab7b353733bb37df86b

Patch

https://git.kernel.org/stable/c/10379171f346e6f61d30d9949500a8de4336444a

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (12)

linux/Kernel 6.12.25 - 6.12.32linux

linux/Kernel 6.14.4 - 6.14.10linux

linux/Kernel 6.6.88 - 6.6.93linux

Linux/Linux 18b4fac5ef17f77fed9417d22210ceafd6525fc7 - 10379171f346e6f61d30d9949500a8de4336444a

Linux/Linux 296cb5457cc6f4a754c4ae29855f8a253d52bcc6 - c78abb646ff823e7d22faad4cc0703d4484da9e8

Linux/Linux 6.12.25 - 6.12.32

Linux/Linux 6.14.4 - 6.14.10

Linux/Linux 6.6.88 - 6.6.93

Linux/Linux d54ab1520d43e95f9b2e22d7a05fc9614192e5a5 - 334da674b25fdb7a1a4d4b89dcd7795144fc7e11

Linux/Linux d73686367ad68534257cd88a36ca3c52cb8b81d8 - cb7e06e9736d73007dc8dab7b353733bb37df86b

... and 2 more

Published Jul 02, 2025

Tracked Since Feb 18, 2026