cve 2025 38488

About this tag
CVE-2025-38488 is a Linux kernel vulnerability in the SMB client's cryptographic message handling. The bug occurs in the crypt_message function, which could free internal AEAD request buffers prematurely when hardware crypto drivers perform operations asynchronously. This leads to a use-after-free condition, potentially causing system crashes or memory corruption. The issue originated from a previous change that removed async completion tracking. The fix restores proper completion handling to ensure buffers are freed only after asynchronous operations finish. This vulnerability is relevant for systems using encrypted SMB mounts and should be prioritized for patching. While the tag is associated with WindowsForum.com, the content specifically addresses a Linux kernel issue.
  1. Linux Kernel SMB Crypto UAF Fix: Restoring Async Completion

    The Linux kernel received a targeted fix for a dangerous lifetime bug in its SMB client: crypt_message could free internal AEAD request buffers too early when hardware crypto drivers performed operations asynchronously, producing a kernel-level use‑after‑free that led to crashes and potential...