Threat Advisory

Linux Kernel KSMBD Remote Code Execution Vulnerability

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A critical remote code execution vulnerability has been identified in the Linux Kernel’s KSMBD (in-kernel SMB server), tracked as CVE-2025-38561. This flaw allows remote attackers to execute arbitrary code with kernel-level privileges by sending specially crafted SMB2 packets to a vulnerable system.

  • CVE-2025-38561: The vulnerability stems from improper validation of SMB2 requests within the KSMBD component, leading to a heap-based buffer overflow. When exploited, attackers can gain full control of the affected system without authentication, enabling privilege escalation, data theft, and potential lateral movement across networks. The issue is classified as high severity with a CVSS v3.1 score of 8.5, given its potential for unauthenticated remote exploitation.

This vulnerability poses a severe risk to Linux servers running KSMBD, particularly those exposed to untrusted networks. Exploitation could allow adversaries to compromise critical infrastructure, deploy malware, or establish persistent access within enterprise environments.

RECOMMENDATION:

REFERENCES:

The following reports contain further technical details:
