CVE-2025-38092

Published: July 3, 2025Last modified: July 3, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns NULL. If the list is empty then it returns an invalid pointer. Use list_first_entry_or_null() to check if the list is empty.

Severity score breakdown

Parameter	Value
Base score	5.5
Attack Vector	LOCAL
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	NONE
Integrity impact	NONE
Availability impact	HIGH
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	linux-lts	Not affected (6.1.33-r0)
	25 LTS	linux-lts	Not affected (6.6.89-r0)
	Stream	linux-lts	Not affected (6.1.33-r0)

References

https://git.kernel.org/stable/c/10379171f346e6f61d30d9949500a8de4336444a
https://git.kernel.org/stable/c/334da674b25fdb7a1a4d4b89dcd7795144fc7e11
https://git.kernel.org/stable/c/c78abb646ff823e7d22faad4cc0703d4484da9e8
https://git.kernel.org/stable/c/cb7e06e9736d73007dc8dab7b353733bb37df86b