Hello,

A security vulnerability in the Linux kernel KSMBD subsystem has been assigned CVE-2025-38501. This issue allows a remote attacker to exhaust the KSMBD server's TCP connection limit and prevent other, legitimate clients from connecting.

Details:
- CVE: CVE-2025-38501
- Subsystem: KSMBD
- Impact: Remote Denial of Service (exhaust KSMBD server's max connections)
- Affected versions: Since KSMBD was merged into the mainline kernel in 5.15
- Fixed in: Upstream commit e6bb9193974059ddbb0ce7763fa3882bd60d4dc3

Description:
A remote attacker can exhaust a KSMBD server’s maximum connection limit by performing a TCP 3-way handshake and then not responding to further packets. By default, the KSMBD server will hold such connections indefinitely, allowing an attacker to consume all available connections. While a timeout can be configured in the user-space configuration file (with a minimum of 1 minute), an attacker from a single IP address can still cause a DoS to the SMB service by repeatedly initiating such connections.

Reproducer:
A public proof-of-concept (PoC) is available at: https://github.com/keymaker-arch/KSMBDrain

Timeline:
- Reported to Linux kernel community: 2025-08-01
- Patch merged upstream: 2025-08-08
- CVE assigned and public: 2025-08-18

Best regards,
Tianshuo Han
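
For operators who want to check whether a single source is holding a large share of the server's SMB connection slots, as the description above outlines, the following is an added example and not part of the original advisory or the kernel fix. It counts established connections to port 445 per peer from `ss -Htn` style output; the sample lines, the limit of 16 and the 25% share threshold are constructed assumptions, and it measures connection counts only, not idleness.

```python
from collections import Counter

SMB_PORT = 445

# Constructed sample in the layout of `ss -Htn` output (not from a real host):
# State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port
SAMPLE = """\
ESTAB      0 0 192.0.2.10:445 198.51.100.7:40112
ESTAB      0 0 192.0.2.10:445 198.51.100.7:40114
ESTAB      0 0 192.0.2.10:445 198.51.100.7:40116
ESTAB      0 0 192.0.2.10:445 198.51.100.7:40118
ESTAB      0 0 192.0.2.10:445 198.51.100.7:40120
ESTAB      0 0 192.0.2.10:445 198.51.100.7:40122
ESTAB      0 0 192.0.2.10:22 198.51.100.7:40200
ESTAB      0 0 192.0.2.10:445 203.0.113.20:51500
CLOSE-WAIT 1 0 192.0.2.10:445 203.0.113.20:51502
ESTAB      0 0 [2001:db8::1]:445 [2001:db8::5]:50000
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def count_smb_peers(ss_output, port=SMB_PORT):
    """Count established connections to the local SMB port per peer address."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # skip blank lines and sockets in other TCP states
        _, local_port = split_endpoint(fields[3])
        peer_addr, _ = split_endpoint(fields[4])
        if local_port == port:
            counts[peer_addr] += 1
    return counts

def flag_sources(counts, max_connections, share=0.25):
    """Return (peer, count) pairs holding at least `share` of the limit."""
    threshold = max_connections * share
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    # max_connections=16 is a constructed value; use the server's configured limit.
    for ip, n in flag_sources(count_smb_peers(SAMPLE), max_connections=16):
        print(f"{ip} holds {n} established SMB connections")
```

On a live server, pass the captured output of `ss -Htn` to `count_smb_peers` in place of `SAMPLE`.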
