CVE-2025-38737

Summary

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix oops due to uninitialised variable

Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should start a fresh buffer, but the value is currently undefined.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa2906d3316fc19bf0ade84618bb73eab604c447e < 4931fe2dbe1cc0e7d350a4b51b0b330e43971d98affected
LinuxLinuxa2906d3316fc19bf0ade84618bb73eab604c447e < 6adaa9fae36f848afa7278945d725e197e33c496affected
LinuxLinuxa2906d3316fc19bf0ade84618bb73eab604c447e < 453a6d2a68e54a483d67233c6e1e24c4095ee4beaffected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.44 <= 6.12.*unaffected
LinuxLinux6.16.4 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References