Linux Kernel ksmbd Null Pointer Dereference Vulnerability in Kerberos Session Handling

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's ksmbd component, specifically during the handling of Kerberos sessions. When a client sets the PreviousSessionId during the Kerberos session setup, it can lead to a null pointer dereference error. This occurs because the session's user information is not yet populated, allowing a null user argument to be passed to the destroy_previous_session function. The vulnerability has been addressed by modifying the sequence of function calls, ensuring that the user information is set before attempting to destroy the previous session.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash or undefined behavior in the application.

Added: Jul 4, 2025, 3:45 PM

Updated: Jul 4, 2025, 3:45 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ksmbd Null Pointer Dereference Vulnerability in Kerberos Session Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating