ACK: [SRU][N/J][PATCH 0/2] CVE-2025-38561
Tim Whisonant
tim.whisonant at canonical.com
Tue Dec 2 02:41:07 UTC 2025
On Wed, Nov 26, 2025 at 03:29:12PM +0100, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2025-38561
>
> [ Impact ]
>
> ksmbd: fix Preauh_HashValue race condition
>
> If client send multiple session setup requests to ksmbd,
> Preauh_HashValue race condition could happen.
> There is no need to free sess->Preauh_HashValue at session setup phase.
> It can be freed together with session at connection termination phase.
>
> [ Fix ]
>
> Backport the fix commit from upstream:
> * 44a3059c4c8cc ksmbd: fix Preauh_HashValue race condition
>
> [ Test Plan ]
>
> Compile tested.
>
> [ Where Problems Could Occur ]
>
> The regression potential is very low.
> The fix simply defers memory deallocation
> from session setup to connection termination,
> where cleanup already occurs.
> The only impact is marginally increased memory consumption
> per session, which is negligible compared to overall session state overhead.
>
>
> --
Acked-by: Tim Whisonant <tim.whisonant at canonical.com>
More information about the kernel-team
mailing list