CVE-2025-38575

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed.

Reserved 2025-04-16 | Published 2025-04-18 | Updated 2025-05-26 | Assigner Linux

Product status

Default status
unaffected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 before 571b342d4688801fc1f6a1934389dac09425dc93
affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 before a6b594868268c3a7bfaeced912525cd2c445529a
affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 before 1de7fec4d3012672e31eeb6679ea60f7ca010ef9
affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 before 3e341dbd5f5a6e5a558e67da80731dc38a7f758c
affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 before aef10ccd74512c52e30c5ee19d0031850973e78d
affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 before 46caeae23035192b9cc41872c827f30d0233f16e
affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 before 6171063e9d046ffa46f51579b2ca4a43caef581a
affected

Default status
affected

5.15
affected

Any version before 5.15
unaffected

5.15.180
unaffected

6.1.134
unaffected

6.6.87
unaffected

6.12.23
unaffected

6.13.11
unaffected

6.14.2
unaffected

6.15
unaffected

References

git.kernel.org/...c/571b342d4688801fc1f6a1934389dac09425dc93

git.kernel.org/...c/a6b594868268c3a7bfaeced912525cd2c445529a

git.kernel.org/...c/1de7fec4d3012672e31eeb6679ea60f7ca010ef9

git.kernel.org/...c/3e341dbd5f5a6e5a558e67da80731dc38a7f758c

git.kernel.org/...c/aef10ccd74512c52e30c5ee19d0031850973e78d

git.kernel.org/...c/46caeae23035192b9cc41872c827f30d0233f16e

git.kernel.org/...c/6171063e9d046ffa46f51579b2ca4a43caef581a

cve.org (CVE-2025-38575)

nvd.nist.gov (CVE-2025-38575)

Download JSON