APPLIED: [SRU][N/J][PATCH 0/2] CVE-2025-38561
Mehmet Basaran
mehmet.basaran at canonical.com
Sat Dec 13 10:09:23 UTC 2025
Applied to noble:linux and jammy:linux master-next branches. Thanks.
-------------- next part --------------
Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com> writes:
> https://ubuntu.com/security/CVE-2025-38561
>
> [ Impact ]
>
> ksmbd: fix Preauh_HashValue race condition
>
> If client send multiple session setup requests to ksmbd,
> Preauh_HashValue race condition could happen.
> There is no need to free sess->Preauh_HashValue at session setup phase.
> It can be freed together with session at connection termination phase.
>
> [ Fix ]
>
> Backport the fix commit from upstream:
> * 44a3059c4c8cc ksmbd: fix Preauh_HashValue race condition
>
> [ Test Plan ]
>
> Compile tested.
>
> [ Where Problems Could Occur ]
>
> The regression potential is very low.
> The fix simply defers memory deallocation
> from session setup to connection termination,
> where cleanup already occurs.
> The only impact is marginally increased memory consumption
> per session, which is negligible compared to overall session state overhead.
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251213/9cc5abf9/attachment.sig>
More information about the kernel-team
mailing list