CVE-2025-38501

Published Aug 16, 2025

Last updated 9 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-38501 is a denial-of-service vulnerability in the Linux kernel's KSMBD (SMB Direct) implementation. It stems from the way KSMBD handles half-open TCP connections. An unauthenticated, remote attacker can exploit this by initiating numerous TCP connections to the KSMBD server but then failing to complete the handshake. The server continues to hold these incomplete connections, which exhausts the maximum connection limit and prevents legitimate SMB traffic. This vulnerability, dubbed "KSMBDrain," affects Linux kernel versions 5.3 onward. A proof-of-concept exploit demonstrates how an attacker can flood a server with SYN packets, causing the server to indefinitely hold sockets open. By repeatedly sending SYN packets, the attacker saturates the server's connection limit, effectively halting file transfers and authentication services. A patch has been implemented to limit repeated connections from the same IP address.

Description
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: limit repeated connections from clients with the same IP

Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limits repeated connections from clients with the same IP.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Awaiting Analysis
