CVE-2025-38575

MEDIUM EPSS 12.3%
Published Apr 18, 2025 1y ago · Modified Jun 17, 2026 1w ago
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: use aead_request_free to match aead_request_alloc

Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
12.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.15 – <5.15.180
linux   linux_kernel  *        ≥5.16 – <6.1.134
linux   linux_kernel  *        ≥6.2 – <6.6.87
linux   linux_kernel  *        ≥6.7 – <6.12.23
linux   linux_kernel  *        ≥6.13 – <6.13.11
linux   linux_kernel  *        ≥6.14 – <6.14.2
debian  debian_linux  11.0     any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/1de7fec4d3012672e31eeb6679ea60f7ca010ef9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3e341dbd5f5a6e5a558e67da80731dc38a7f758c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46caeae23035192b9cc41872c827f30d0233f16e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/571b342d4688801fc1f6a1934389dac09425dc93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6171063e9d046ffa46f51579b2ca4a43caef581a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a6b594868268c3a7bfaeced912525cd2c445529a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aef10ccd74512c52e30c5ee19d0031850973e78d
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1de7fec4d3012672e31eeb6679ea60f7ca010ef9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3e341dbd5f5a6e5a558e67da80731dc38a7f758c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46caeae23035192b9cc41872c827f30d0233f16e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/571b342d4688801fc1f6a1934389dac09425dc93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6171063e9d046ffa46f51579b2ca4a43caef581a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a6b594868268c3a7bfaeced912525cd2c445529a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aef10ccd74512c52e30c5ee19d0031850973e78d
    Patch