DEBIAN-CVE-2025-38501

DEBIAN-CVE-2025-38501 PUBLISHED CVSS 7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated connections from clients with the same IP.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, *, 6.12.43-1
Debian:11	linux-6.1	6.1.112-1, 6.1.106-3, 6.1.106-3
Debian:12	linux	0, 0, 6.1.106-2
Debian:14	linux	6.13~rc7-1~exp1, 6.13~rc6-1~exp1, 6.13.9-1~exp1

Exploit Intelligence

CVE-2025-38501, KSMBDrain (github-poc)
4081.3.6.yml (github-poc)

Timeline

Aug 16, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-38501 advisory

Open in Interactive Console →