Linux Kernel ksmbd Null Pointer Dereference Vulnerability in Preauthentication Hash Allocation

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's ksmbd component. The issue arises when a client sends a malformed SMB2 negotiate request, to which ksmbd responds with an error. The client can then still send an SMB2 session setup request, even though the connection's preauthentication information has not been allocated. The vulnerability has been addressed by modifying the session management to ignore session setup requests if the SMB2 negotiate phase is not yet complete.
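
The negotiate/session-setup ordering described above, as an added example rather than ksmbd's own code: a user-space C model in which every name (struct conn, handle_negotiate, sess_setup_unchecked, sess_setup_checked, the result codes) is hypothetical. It contrasts a handler that assumes the preauthentication data exists with one that ignores session setup until negotiate has completed.

```c
#include <stdio.h>
#include <string.h>
/* User-space model of the connection state; all names are hypothetical. */
enum conn_state { CONN_NEW, CONN_NEED_SETUP };
enum result { R_OK, R_ERROR, R_IGNORED, R_NULL_DEREF };

struct conn {
    enum conn_state state;
    unsigned char storage[64];   /* stands in for the heap allocation */
    unsigned char *preauth_hash; /* NULL until negotiate succeeds */
};

/* A malformed negotiate is answered with an error and allocates nothing. */
enum result handle_negotiate(struct conn *c, int well_formed)
{
    if (!well_formed)
        return R_ERROR;          /* state stays CONN_NEW, hash stays NULL */
    memset(c->storage, 0, sizeof(c->storage));
    c->preauth_hash = c->storage;
    c->state = CONN_NEED_SETUP;
    return R_OK;
}

/* Pre-fix shape: no state check. The model reports where a kernel would fault. */
enum result sess_setup_unchecked(struct conn *c, unsigned char *out)
{
    if (!c->preauth_hash)
        return R_NULL_DEREF;
    memcpy(out, c->preauth_hash, sizeof(c->storage));
    return R_OK;
}

/* Post-fix shape: the request is ignored unless negotiate has completed. */
enum result sess_setup_checked(struct conn *c, unsigned char *out)
{
    if (c->state != CONN_NEED_SETUP)
        return R_IGNORED;
    memcpy(out, c->preauth_hash, sizeof(c->storage));
    return R_OK;
}

int main(void)
{
    struct conn c = { CONN_NEW, {0}, NULL };
    unsigned char out[64];
    handle_negotiate(&c, 0);     /* constructed input: malformed negotiate */
    printf("%d %d\n", sess_setup_unchecked(&c, out), sess_setup_checked(&c, out));
    return 0;
}
```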

Impact

Exploitation of this vulnerability could lead to a null pointer dereference, causing a crash or unintended behavior in the ksmbd component.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.