### Critical Vulnerability Information - **Vulnerability Name**: Linux Kernel ksmbd smb2_sess_setup Preauth_HashValue Race Condition Remote Code Execution Vulnerability - **Vulnerability IDs**: - ZDI-25-916 - ZDI-CAN-27661 - CVE-2025-38561 - **CVSS Score**: 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) - **Affected Vendor**: Linux - **Affected Product**: Kernel - **Vulnerability Details**: - Remote attackers can execute arbitrary code on affected Linux Kernel installations. Exploiting this vulnerability requires authentication. - The specific issue lies in the handling of the Preauth_HashValue field, caused by a lack of proper locking mechanisms when performing operations on the object. Attackers can leverage this vulnerability to execute code in kernel context. - **Additional Details**: Linux has released updates to fix this vulnerability. More details can be found at: [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6) - **Disclosure Timeline**: - 2025-07-22: Vulnerability reported to vendor - 2025-09-24: Coordinated public advisory release - 2025-09-24: Advisory update - **Discoverer**: Nicholas Zubrisky (@NZubrisky) of Trend Research