[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-38051":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":44},"DEBIAN-CVE-2025-38051","In the Linux kernel, the following vulnerability has been resolved:  smb: client: Fix use-after-free in cifs_fill_dirent  There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning.   ==================================================================  BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]  Read of size 4 at addr ffff8880099b819c by task a.out/342975   CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014  Call Trace:   \u003CTASK>   dump_stack_lvl+0x53/0x70   print_report+0xce/0x640   kasan_report+0xb8/0xf0   cifs_fill_dirent+0xb03/0xb60 [cifs]   cifs_readdir+0x12cb/0x3190 [cifs]   iterate_dir+0x1a1/0x520   __x64_sys_getdents+0x134/0x220   do_syscall_64+0x4b/0x110   entry_SYSCALL_64_after_hwframe+0x76/0x7e  RIP: 0033:0x7f996f64b9f9  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003C48> 3d 01  f0 ff ff  0d f7 c3 0c 00 f7 d8 64 89 8  RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e  RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9  RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003  RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000  R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88  R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000   \u003C/TASK>   Allocated by task 408:   kasan_save_stack+0x20/0x40   kasan_save_track+0x14/0x30   __kasan_slab_alloc+0x6e/0x70   kmem_cache_alloc_noprof+0x117/0x3d0   mempool_alloc_noprof+0xf2/0x2c0   cifs_buf_get+0x36/0x80 [cifs]   allocate_buffers+0x1d2/0x330 [cifs]   cifs_demultiplex_thread+0x22b/0x2690 [cifs]   kthread+0x394/0x720   ret_from_fork+0x34/0x70   ret_from_fork_asm+0x1a/0x30   Freed by task 342979:   kasan_save_stack+0x20/0x40   kasan_save_track+0x14/0x30   kasan_save_free_info+0x3b/0x60   __kasan_slab_free+0x37/0x50   kmem_cache_free+0x2b8/0x500   cifs_buf_release+0x3c/0x70 [cifs]   cifs_readdir+0x1c97/0x3190 [cifs]   iterate_dir+0x1a1/0x520   __x64_sys_getdents64+0x134/0x220   do_syscall_64+0x4b/0x110   entry_SYSCALL_64_after_hwframe+0x76/0x7e   The buggy address belongs to the object at ffff8880099b8000   which belongs to the cache cifs_request of size 16588  The buggy address is located 412 bytes inside of   freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)   The buggy address belongs to the physical page:  page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8  head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0  anon flags: 0x80000000000040(head|node=0|zone=1)  page_type: f5(slab)  raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001  raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000  head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001  head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000  head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff  head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008  page dumped because: kasan: bad access detected   Memory state around the buggy address:   ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb   ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb  >ffff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb                              ^   ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb   ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb  ==================================================================  POC is available in the link [1].  The problem triggering process is as follows:  Process 1                       Process 2 ----------------------------------- ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2025-38051",[17,19,21],{"_key":18},"DLA-4327-1",{"_key":20},"DLA-4328-1",{"_key":22},"DSA-5973-1",[],[],"2025-06-18T10:15:37.693Z","2026-04-28T20:29:51.317956Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2025-38051",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":9,"vectorString":41,"impactScore":42,"exploitabilityScore":43},"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,2.6,[45,64],{"ecosystem":46,"name":47,"vendor":48,"product":47,"cpe_part":9,"purl_type":49,"purl_namespace":48,"purl_name":47,"source":9,"versions":50},"Debian","linux","debian","deb",[51,57,60,63],{"version":52,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":55,"version_end_type":56,"fixed_in":9},"lt5_10_244_1",true,"ecosystem","5.10.244-1","excluding",{"version":58,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":59,"version_end_type":56,"fixed_in":9},"lt6_1_147_1","6.1.147-1",{"version":61,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":62,"version_end_type":56,"fixed_in":9},"lt6_12_32_1","6.12.32-1",{"version":61,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":62,"version_end_type":56,"fixed_in":9},{"ecosystem":46,"name":65,"vendor":48,"product":65,"cpe_part":9,"purl_type":49,"purl_namespace":48,"purl_name":65,"source":9,"versions":66},"linux-6.1",[67],{"version":68,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":69,"version_end_type":56,"fixed_in":9},"lt6_1_153_1~deb11u1","6.1.153-1~deb11u1"]