CVE-2025-22037 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.

Reserved 2024-12-29 | Published 2025-04-16 | Updated 2025-05-26 | Assigner Linux

Product status

Default status

unaffected

0626e6641f6b467447c81dd7678a69c66f7746cf before ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad

affected

0626e6641f6b467447c81dd7678a69c66f7746cf before 8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d

affected

0626e6641f6b467447c81dd7678a69c66f7746cf before b8eb243e670ecf30e91524dd12f7260dac07d335

affected

0626e6641f6b467447c81dd7678a69c66f7746cf before c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780

affected

Default status

affected

5.15

affected

Any version before 5.15

unaffected

6.12.23

unaffected

6.13.11

unaffected

6.14.2

unaffected

6.15

unaffected

References

git.kernel.org/...c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad

git.kernel.org/...c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d

git.kernel.org/...c/b8eb243e670ecf30e91524dd12f7260dac07d335

git.kernel.org/...c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780

cve.org (CVE-2025-22037)

nvd.nist.gov (CVE-2025-22037)

Download JSON

https://cve.threatint.eu/CVE/CVE-2025-22037

Support options

Helpdesk Chat, Email, Knowledgebase