CVE-2025-38501

HIGH

Linux Kernel < 6.1.148 - Denial of Service

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: limit repeated connections from clients with the same IP

Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limits repeated connections from clients with the same IP.

Exploits (1)

nomisec WORKING POC 3 stars
by keymaker-arch · poc
https://github.com/keymaker-arch/KSMBDrain

Scores

CVSS v3 7.5
EPSS 0.0005
EPSS Percentile 16.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (21)
debian/debian_linux 11.0
linux/Kernel 5.15.0 - 6.1.148
linux/Kernel 6.13.0 - 6.15.10
linux/Kernel 6.16.0 - 6.16.1
linux/Kernel 6.2.0 - 6.6.102
linux/Kernel 6.7.0 - 6.12.42
Linux/Linux < 5.15
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 6073afe64510c302b7a0683a01e32c012eff715d
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 7e5d91d3e6c62a9755b36f29c35288f06c3cd86b
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - cb092fc3a62972a4aa47c9fe356c2c6a01cd840b
... and 11 more
Published Aug 16, 2025
Tracked Since Feb 18, 2026