CVE-2025-38488

smb: client: fix use-after-free in crypt_message when using async crypto

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from
crypt_message(), assuming all crypto operations are synchronous.
However, when hardware crypto accelerators are used, this can cause
use-after-free crashes: crypt_message() // Allocate the creq buffer containing the req creq = smb2_get_aead_req(..., &req); // Async encryption returns -EINPROGRESS immediately rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); // Free creq while async operation is still in progress kvfree_sensitive(creq, ...); Hardware crypto modules often implement async AEAD operations for
performance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,
the operation completes asynchronously. Without crypto_wait_req(),
the function immediately frees the request buffer, leading to crashes
when the driver later accesses the freed memory. This results in a use-after-free condition when the hardware crypto
driver later accesses the freed request structure, leading to kernel
crashes with NULL pointer dereferences. The issue occurs because crypto_alloc_aead() with mask=0 doesn't
guarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in
the mask, async implementations can be selected. Fix by restoring the async crypto handling:
- DECLARE_CRYPTO_WAIT(wait) for completion tracking
- aead_request_set_callback() for async completion notification
- crypto_wait_req() to wait for operation completion This ensures the request buffer isn't freed until the crypto operation
completes, whether synchronous or asynchronous, while preserving the
CVE-2024-50047 fix.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrección del use-after-free en crypt_message al usar criptografía asíncrona. La corrección CVE-2024-50047 eliminó el manejo de criptografía asíncrona de crypt_message(), asumiendo que todas las operaciones de criptografía son síncronas. Sin embargo, cuando se usan aceleradores de criptografía de hardware, esto puede causar fallos de use-after-free: crypt_message() // Asignar el búfer creq que contiene la solicitud creq = smb2_get_aead_req(..., &req); // El cifrado asíncrono devuelve -EINPROGRESS inmediatamente rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); // Liberar creq mientras la operación asíncrona aún está en progreso kvfree_sensitive(creq, ...); Los módulos de criptografía de hardware a menudo implementan operaciones AEAD asíncronas para mejorar el rendimiento. Cuando crypto_aead_encrypt/decrypt() devuelve -EINPROGRESS, la operación se completa de forma asíncrona. Sin crypto_wait_req(), la función libera inmediatamente el búfer de solicitud, lo que provoca fallos cuando el controlador accede posteriormente a la memoria liberada. Esto genera una condición de use-after-free cuando el controlador de cifrado de hardware accede posteriormente a la estructura de solicitud liberada, lo que provoca fallos del kernel con desreferencias de punteros NULL. El problema se produce porque crypto_alloc_aead() con mask=0 no garantiza la operación síncrona. Incluso sin CRYPTO_ALG_ASYNC en la máscara, se pueden seleccionar implementaciones asíncronas. Solución restaurando el manejo de criptografía asíncrona: - DECLARE_CRYPTO_WAIT(wait) para seguimiento de finalización - aead_request_set_callback() para notificación de finalización asíncrona - crypto_wait_req() para esperar a que se complete la operación Esto garantiza que el búfer de solicitud no se libere hasta que se complete la operación de criptografía, ya sea sincrónica o asincrónica, al tiempo que se conserva la corrección CVE-2024-50047.

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message(), assuming all crypto operations are synchronous. However, when hardware crypto accelerators are used, this can cause use-after-free crashes: crypt_message() // Allocate the creq buffer containing the req creq = smb2_get_aead_req(..., &req); // Async encryption returns -EINPROGRESS immediately rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); // Free creq while async operation is still in progress kvfree_sensitive(creq, ...); Hardware crypto modules often implement async AEAD operations for performance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS, the operation completes asynchronously. Without crypto_wait_req(), the function immediately frees the request buffer, leading to crashes when the driver later accesses the freed memory. This results in a use-after-free condition when the hardware crypto driver later accesses the freed request structure, leading to kernel crashes with NULL pointer dereferences. The issue occurs because crypto_alloc_aead() with mask=0 doesn't guarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in the mask, async implementations can be selected. Fix by restoring the async crypto handling: - DECLARE_CRYPTO_WAIT(wait) for completion tracking - aead_request_set_callback() for async completion notification - crypto_wait_req() to wait for operation completion This ensures the request buffer isn't freed until the crypto operation completes, whether synchronous or asynchronous, while preserving the CVE-2024-50047 fix.

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-28 CVE Published
2025-11-03 CVE Updated
2026-04-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/8f14a476abba13144df5434871a7225fd29af633	Vuln. Introduced
https://git.kernel.org/stable/c/ef51c0d544b1518b35364480317ab6d3468f205d	Vuln. Introduced
https://git.kernel.org/stable/c/bce966530fd5542bbb422cb45ecb775f7a1a6bc3	Vuln. Introduced
https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995	Vuln. Introduced
https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a	Vuln. Introduced
https://git.kernel.org/stable/c/538c26d9bf70c90edc460d18c81008a4e555925a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5d047b12f86cc3b9fde1171c02d9bccf4dba0632	2025-08-28
https://git.kernel.org/stable/c/6550b2bef095d0dd2d2c8390d2ea4c3837028833	2025-08-28
https://git.kernel.org/stable/c/9a1d3e8d40f151c2d5a5f40c410e6e433f62f438	2025-07-24
https://git.kernel.org/stable/c/15a0a5de49507062bc3be4014a403d8cea5533de	2025-07-24
https://git.kernel.org/stable/c/2a76bc2b24ed889a689fb1c9015307bf16aafb5b	2025-07-24
https://git.kernel.org/stable/c/8ac90f6824fc44d2e55a82503ddfc95defb19ae0	2025-07-24
https://git.kernel.org/stable/c/b220bed63330c0e1733dc06ea8e75d5b9962b6b6	2025-07-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.237 < 5.10.241 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.237 < 5.10.241"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.181 < 5.15.190 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.181 < 5.15.190"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.128 < 6.1.147 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.128 < 6.1.147"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.57 < 6.6.100 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.57 < 6.6.100"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12 < 6.12.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12 < 6.12.40"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12 < 6.15.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12 < 6.15.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12 < 6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12 < 6.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.11.4 Search vendor "Linux" for product "Linux Kernel" and version "6.11.4"		en		Affected