Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-f39x-mp5j-46f3

Опубликовано: 04 июл. 2025
Источник: github
Github: Не прошло ревью

Описание

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix null pointer dereference in destroy_previous_session

If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, It can pass the user argument as NULL to destroy_previous_session. sess->user will be set in ksmbd_krb5_authenticate(). So this patch move calling destroy_previous_session() after ksmbd_krb5_authenticate().

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix null pointer dereference in destroy_previous_session

If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, It can pass the user argument as NULL to destroy_previous_session. sess->user will be set in ksmbd_krb5_authenticate(). So this patch move calling destroy_previous_session() after ksmbd_krb5_authenticate().

Ссылки

EPSS

Процентиль: 5%
0.00024
Низкий

CVE ID

CVE-2025-38191

Связанные уязвимости

redhat логотип

CVE-2025-38191

CVSS3: 5.5
redhat
около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, It can pass the user argument as NULL to destroy_previous_session. sess->user will be set in ksmbd_krb5_authenticate(). So this patch move calling destroy_previous_session() after ksmbd_krb5_authenticate().

nvd логотип

CVE-2025-38191

nvd
около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, It can pass the user argument as NULL to destroy_previous_session. sess->user will be set in ksmbd_krb5_authenticate(). So this patch move calling destroy_previous_session() after ksmbd_krb5_authenticate().

debian логотип

CVE-2025-38191

debian
около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: k ...

EPSS

Процентиль: 5%
0.00024
Низкий

CVE ID

CVE-2025-38191