CVE-2025-38501

HIGH

Linux Kernel - Denial of Service via Repeated ksmbd Connections from Same IP

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-38501. PoCs published by keymaker-arch.

AI-analyzed exploit summary This PoC exploits CVE-2025-38501 by performing a TCP 3-way handshake with a KSMBD server and then not responding, exhausting the server's connection limit and causing a DoS. The script uses Scapy to craft and send TCP packets.

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated connections from clients with the same IP.

Exploits (1)

nomisec WORKING POC 3 stars

by keymaker-arch · poc

https://github.com/keymaker-arch/KSMBDrain

View Code ZIP pw:eip

This PoC exploits CVE-2025-38501 by performing a TCP 3-way handshake with a KSMBD server and then not responding, exhausting the server's connection limit and causing a DoS. The script uses Scapy to craft and send TCP packets.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel KSMBD server (versions 5.3 to commit e6bb9193974059ddbb0ce7763fa3882bd60d4dc3)

No auth needed

Prerequisites: Network access to the target KSMBD server · Root privileges to run Scapy

MITRE ATT&CK