ACK: [SRU][N/J][PATCH 0/2] CVE-2025-38561
Philip Cox
philip.cox at canonical.com
Thu Nov 27 16:54:12 UTC 2025
On 2025-11-26 9:29 a.m., Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2025-38561
>
> [ Impact ]
>
> ksmbd: fix Preauh_HashValue race condition
>
> If client send multiple session setup requests to ksmbd,
> Preauh_HashValue race condition could happen.
> There is no need to free sess->Preauh_HashValue at session setup phase.
> It can be freed together with session at connection termination phase.
>
> [ Fix ]
>
> Backport the fix commit from upstream:
> * 44a3059c4c8cc ksmbd: fix Preauh_HashValue race condition
>
> [ Test Plan ]
>
> Compile tested.
>
> [ Where Problems Could Occur ]
>
> The regression potential is very low.
> The fix simply defers memory deallocation
> from session setup to connection termination,
> where cleanup already occurs.
> The only impact is marginally increased memory consumption
> per session, which is negligible compared to overall session state overhead.
>
>
Both N and J patches are
Acked-by: Philip Cox <philip.cox at canonical.com>
More information about the kernel-team
mailing list