CVE-2025-38561

MEDIUM

Linux Kernel 5.15-6.1.147 6.2-6.6.101 6.7-6.12.41 6.13-6.15.9 6.16 - Race Condition in ksmbd Session Setup

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-38561. PoCs published by toshithh.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-38561, a race condition in ksmbd's Preauh_HashValue handling. The exploit sends multiple SMB session setup requests in parallel to trigger the race condition, potentially causing a denial of service or other unintended behavior.

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition could happen. There is no need to free sess->Preauh_HashValue at session setup phase. It can be freed together with session at connection termination phase.

Exploits (1)

github WORKING POC

by toshithh · pythonpoc

https://github.com/toshithh/CVE-2025-38561

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-38561, a race condition in ksmbd's Preauh_HashValue handling. The exploit sends multiple SMB session setup requests in parallel to trigger the race condition, potentially causing a denial of service or other unintended behavior.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Racy

Target: ksmbd (Linux kernel SMB server)

No auth needed

Prerequisites: Network access to target's SMB port (445) · Pre-captured SMB negotiate and session setup packets

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (8)

Core 8

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Patch

https://git.kernel.org/stable/c/fbf5c0845ed15122a770bca9be1d9b60b470d3aa

Patch

https://git.kernel.org/stable/c/b69fd87076daa66f3d186bd421a7b0ee0cb45829

Patch

https://git.kernel.org/stable/c/edeecc7871e8fc0878d53ce286c75040a0e38f6c

Patch

https://git.kernel.org/stable/c/7d7c0c5304c88bcbd7a85e9bcd61d27e998ba5fc

Patch

https://git.kernel.org/stable/c/6613887da1d18dd2ecfd6c6148a873c4d903ebdc

Patch

https://git.kernel.org/stable/c/44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-25-916/

Scores

CVSS v3 4.7

EPSS 0.0007

EPSS Percentile 22.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-362

Status published

Products (21)

debian/debian_linux 11.0

linux/Kernel 5.15.0 - 6.1.148linux

linux/Kernel 6.13.0 - 6.15.10linux

linux/Kernel 6.16.0 - 6.16.1linux

linux/Kernel 6.2.0 - 6.6.102linux

linux/Kernel 6.7.0 - 6.12.42linux

Linux/Linux < 5.15

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 6613887da1d18dd2ecfd6c6148a873c4d903ebdc

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 7d7c0c5304c88bcbd7a85e9bcd61d27e998ba5fc

... and 11 more

Published Aug 19, 2025

Tracked Since Feb 18, 2026