CVE-2025-38501
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated connections from clients with the same IP.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.15%• Percentile: 36%
Techniques & Countermeasures
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Affected Systems
- debian•debian_linux
11.0
- linux•linux
≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < cb092fc3a62972a4aa47c9fe356c2c6a01cd840b | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < fa1c47af4ff641cf9197ecdb1f8240cbb30389c1 | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < 7e5d91d3e6c62a9755b36f29c35288f06c3cd86b | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < f1ce9258bcbce2491f9f71f7882b6eed0b33ec65 | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < 6073afe64510c302b7a0683a01e32c012eff715d | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < e6bb9193974059ddbb0ce7763fa3882bd60d4dc3 | 5.15
- linux•linux_kernel
≥ 5.15, < 6.1.148 | ≥ 6.2, < 6.6.102 | ≥ 6.7, < 6.12.42 | ≥ 6.13, < 6.15.10 | ≥ 6.16, < 6.16.1
References (9)
- https://git.kernel.org/stable/c/cb092fc3a62972a4aa47c9fe356c2c6a01cd840b
- https://git.kernel.org/stable/c/fa1c47af4ff641cf9197ecdb1f8240cbb30389c1
- https://git.kernel.org/stable/c/7e5d91d3e6c62a9755b36f29c35288f06c3cd86b
- https://git.kernel.org/stable/c/f1ce9258bcbce2491f9f71f7882b6eed0b33ec65
- https://git.kernel.org/stable/c/6073afe64510c302b7a0683a01e32c012eff715d
- https://git.kernel.org/stable/c/e6bb9193974059ddbb0ce7763fa3882bd60d4dc3
- https://github.com/keymaker-arch/KSMBDrain
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- http://www.openwall.com/lists/oss-security/2025/09/15/2