Red Hot Cyber

Linux dances the samba… but hits a race condition. A critical flaw threatens the kernel.

Redazione RHC: 25 September 2025 16:24

Trend Research researcher Nicholas Zubrisky has reported a critical vulnerability in the ksmbd component of the Linux kernel that allows remote attackers to execute arbitrary code with maximum system privileges. The vulnerability, identified as CVE-2025-38561, affects all distributions that use the built-in ksmbd-based SMB server.

The flaw lies in the handling of the Preauth_HashValue field during SMB2 session setup. The developers made a thread synchronization error: with no lock protecting the memory access, a race condition arises when multiple processes modify the same object at the same time. The result is memory corruption across thread switches, which paves the way for arbitrary code execution in kernel space.

To exploit this vulnerability, an attacker needs valid credentials, but this does not reduce the severity of the risk. Many organizations expose SMB services on both internal and external networks, which means accounts can be hijacked or reused. A successful attack gives complete control of the system, including the ability to install malware and take down infrastructure.

The vulnerability was privately reported on July 22, 2025, and publicly disclosed on September 24, following the publication of the vulnerability advisory. The issue received a CVSS score of 8.5, which takes into account the network vector, the low privilege level required, and the lack of user interaction.

The fix is already included in current Linux kernel releases: correct locking mechanisms have been added to prevent race conditions when using Preauth_HashValue. Administrators are advised to:

  • identify nodes running vulnerable kernel versions;
  • immediately install the latest updates from the stable branch or distribution providers;
  • reboot the machines to activate the fixes;
  • review the rules for accessing SMB services and, if necessary, restrict them through network segmentation.
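As an added example (not code from the article or from the kernel project), a POSIX shell triage script for the first step above: it reports whether a host actually runs the in-kernel ksmbd server and compares the upstream kernel version against a fixed version you supply. The article states no fixed version number, so FIXED_VERSION is a placeholder to fill in from your distribution's advisory; the function names are invented for this example.

```shell
#!/bin/sh
# Added triage helper (not from the article or the kernel project): decides whether a host
# runs the in-kernel ksmbd SMB server and whether its kernel predates the fix.
# The article gives no fixed version number, so FIXED_VERSION is a placeholder that must be
# taken from your distribution's advisory before the verdict means anything.
FIXED_VERSION="${FIXED_VERSION:-}"

# ksmbd_present LSMOD_TEXT BUILTIN_TEXT
# Returns 0 when ksmbd is loaded as a module (lsmod output) or compiled into the
# kernel (contents of /lib/modules/$(uname -r)/modules.builtin), else 1.
ksmbd_present() {
  printf '%s\n' "$1" | grep -q '^ksmbd[[:space:]]' && return 0
  printf '%s\n' "$2" | grep -q '/ksmbd\.ko$' && return 0
  return 1
}

# version_lt A B: 0 when upstream kernel version A is strictly older than B (GNU sort -V).
version_lt() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# assess_host KERNEL_RELEASE LSMOD_TEXT BUILTIN_TEXT
# Prints a verdict; returns 0 (not exposed or patched), 2 (vulnerable), 3 (cannot decide).
assess_host() {
  upstream="${1%%-*}"   # "6.16.1-arch1-1" -> "6.16.1"; distro suffixes are not compared
  if ! ksmbd_present "$2" "$3"; then
    echo "not exposed: ksmbd is neither loaded nor built in"
    return 0
  fi
  if [ -z "$FIXED_VERSION" ]; then
    echo "undecided: ksmbd active on kernel $1, set FIXED_VERSION from your vendor advisory"
    return 3
  fi
  if version_lt "$upstream" "$FIXED_VERSION"; then
    echo "VULNERABLE: ksmbd active on kernel $1 (fix expected in $FIXED_VERSION)"
    return 2
  fi
  echo "patched: ksmbd active on kernel $1"
  return 0
}

# Live run on this host only when invoked with --live, e.g. FIXED_VERSION=x.y.z sh triage.sh --live
if [ "${1:-}" = "--live" ]; then
  rel="$(uname -r)"
  assess_host "$rel" "$(lsmod 2>/dev/null)" "$(cat "/lib/modules/$rel/modules.builtin" 2>/dev/null)"
fi
```

Distributions that backport fixes keep the old upstream version number, so on such systems the package changelog or vendor advisory, not this version comparison, is the authoritative answer.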

Please note that there are no workarounds: the only way to resolve the issue is to update the kernel. Users of distributions with long-term support should monitor their vendor for security updates.

Nicholas Zubrisky has already received recognition for his responsible disclosure of the vulnerability, and the Linux community emphasizes that timely administrator response is critical to protecting enterprise environments and storage servers.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
