CVE-2025-38575

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: use aead_request_free to match aead_request_alloc

Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 571b342d4688801fc1f6a1934389dac09425dc93affected
LinuxLinuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < a6b594868268c3a7bfaeced912525cd2c445529aaffected
LinuxLinuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 1de7fec4d3012672e31eeb6679ea60f7ca010ef9affected
LinuxLinuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 3e341dbd5f5a6e5a558e67da80731dc38a7f758caffected
LinuxLinuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < aef10ccd74512c52e30c5ee19d0031850973e78daffected
LinuxLinuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 46caeae23035192b9cc41872c827f30d0233f16eaffected
LinuxLinuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 6171063e9d046ffa46f51579b2ca4a43caef581aaffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.180 <= 5.15.*unaffected
LinuxLinux6.1.134 <= 6.1.*unaffected
LinuxLinux6.6.87 <= 6.6.*unaffected
LinuxLinux6.12.23 <= 6.12.*unaffected
LinuxLinux6.13.11 <= 6.13.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References