
CVE-2025-38501 PoC: Linux kernel security vulnerability

Source
Associated Vulnerability
Title: Linux kernel security vulnerability (CVE-2025-38501)
Description: The Linux kernel is the kernel of the open-source operating system Linux, maintained by the Linux Foundation (US). The Linux kernel has a security vulnerability that stems from not limiting repeated connections from the same IP address, which can exhaust the maximum number of connections.
Description
CVE-2025-38501, KSMBDrain
Readme
# Overview
Proof-of-Concept exploit for KSMBDrain (CVE-2025-38501). It can remotely exhaust the KSMBD server's connection limit.

# Details
A remote attacker can exhaust a KSMBD server's maximum connection limit by completing a TCP three-way handshake to the SMB port and then sending nothing further. By default the KSMBD server holds such idle connections indefinitely, so an attacker can consume every available connection slot. A dead-connection timeout can be configured in the user-space configuration file (the minimum is 1 minute), but an attacker on a single IP address can still deny service to SMB clients by re-establishing idle connections as fast as the server reaps them.
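The check a defender would want alongside the description above, as an added example that is not the repository's `poc.py` and not KSMBD's own code: a small Python script for the server side that parses `/proc/net/tcp`, counts ESTABLISHED connections to the SMB port per remote IP, flags any source holding at least a chosen number of them, and inspects a ksmbd.conf for the idle timeout. The `/proc/net/tcp` lines embedded below are constructed, not captured from a real host; the threshold values are arbitrary and are not the limit the kernel fix enforces; and the `deadtime` parameter name (minutes of inactivity, 0 meaning never) is my reading of the ksmbd-tools ksmbd.conf format and should be verified against the installed version.

```python
"""Per-source accounting of idle SMB connections on a KSMBD host (IPv4 only).

Added example for CVE-2025-38501; reads the /proc/net/tcp table, which lists
one socket per line with little-endian hex addresses and a hex state code.
"""
import socket
import struct
from collections import Counter

SMB_PORT = 445
TCP_ESTABLISHED = 0x01  # state code used in /proc/net/tcp (0x0A is LISTEN, 0x06 TIME_WAIT)

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# a listener on 0.0.0.0:445, four ESTABLISHED connections from 10.0.2.15,
# one from 10.0.2.16, one TIME_WAIT from 10.0.2.15 and one unrelated
# ESTABLISHED connection to port 22 from 10.0.2.17.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:01BD 0F02000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 10002 1 0000000000000000 20 4 30 10 -1
   2: 0A01A8C0:01BD 0F02000A:C351 01 00000000:00000000 00:00000000 00000000     0        0 10003 1 0000000000000000 20 4 30 10 -1
   3: 0A01A8C0:01BD 0F02000A:C352 01 00000000:00000000 00:00000000 00000000     0        0 10004 1 0000000000000000 20 4 30 10 -1
   4: 0A01A8C0:01BD 0F02000A:C353 01 00000000:00000000 00:00000000 00000000     0        0 10005 1 0000000000000000 20 4 30 10 -1
   5: 0A01A8C0:01BD 1002000A:C360 01 00000000:00000000 00:00000000 00000000     0        0 10006 1 0000000000000000 20 4 30 10 -1
   6: 0A01A8C0:01BD 0F02000A:C354 06 00000000:00000000 03:00000F0A 00000000     0        0 0 3 0000000000000000
   7: 0A01A8C0:0016 1102000A:C370 01 00000000:00000000 02:00000000 00000000     0        0 10007 1 0000000000000000 20 4 30 10 -1
"""


def _decode_addr(hexaddr):
    """Turn '0F02000A:C350' into ('10.0.2.15', 50000).

    The IPv4 address is stored as a little-endian 32-bit value, the port as
    a big-endian 16-bit hex number.
    """
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) per socket line."""
    for line in text.splitlines():
        fields = line.split()
        # Socket lines start with a slot number such as '3:'; the header does not.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        local_ip, local_port = _decode_addr(fields[1])
        remote_ip, remote_port = _decode_addr(fields[2])
        yield local_ip, local_port, remote_ip, remote_port, int(fields[3], 16)


def established_per_source(text, port=SMB_PORT):
    """Count ESTABLISHED connections to `port`, keyed by remote IP address."""
    counts = Counter()
    for _lip, lport, rip, _rport, state in parse_proc_net_tcp(text):
        if lport == port and state == TCP_ESTABLISHED:
            counts[rip] += 1
    return counts


def flag_sources(counts, threshold):
    """Return remote IPs holding at least `threshold` connections, sorted."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def deadtime_is_unset(conf_text):
    """True when the [global] section has no positive 'deadtime' (assumed ksmbd.conf key).

    A missing or zero value means idle connections are never reaped, which is
    the default behaviour the vulnerability relies on.
    """
    section = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip().lower() for part in line.split("=", 1))
        if key == "deadtime":
            try:
                return int(value) <= 0
            except ValueError:
                return True
    return True


if __name__ == "__main__":
    # On a real host: read the live table and an assumed config path.
    with open("/proc/net/tcp") as fh:
        live = established_per_source(fh.read())
    for ip in flag_sources(live, threshold=10):  # arbitrary threshold
        print(f"{ip} holds {live[ip]} established connections to port {SMB_PORT}")
    try:
        with open("/etc/ksmbd/ksmbd.conf") as fh:  # assumed location
            if deadtime_is_unset(fh.read()):
                print("ksmbd.conf: no positive deadtime; idle connections are never reaped")
    except OSError:
        pass
```

The script only sees IPv4 sockets; `/proc/net/tcp6` uses the same layout with 128-bit addresses and would need a separate decoder. Flagging per source IP is exactly the dimension the description names, which is why the threshold is keyed on remote address rather than on the total connection count.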

## Affected Version
- introduced in: kernel 5.15, when KSMBD was merged into mainline; every KSMBD build before the fix commit is affected
- fixed in: commit [e6bb9193974059ddbb0ce7763fa3882bd60d4dc3](https://github.com/torvalds/linux/commit/e6bb9193974059ddbb0ce7763fa3882bd60d4dc3)

## Usage
1. Start the vulnerable KSMBD server and make sure the network path to the victim works.
2. Change the target IP in `poc.py` as needed, then run the script.

# Acknowledgements
I would like to thank [@FFreestanding](https://github.com/FFreestanding) for helping reproduce the bug and develop the PoC.

# Disclaimer
This proof-of-concept (PoC) code is provided for educational and research purposes only.

Use this code responsibly and only on systems you own or have explicit permission to test.

The authors and contributors are not responsible for any misuse or damage caused by this code.
File Snapshot

```text
[4.0K] /data/pocs/0ad926fcb553d49dc9eb09b97ceebff9a91ddc3a
├── [1.0K] LICENSE
├── [ 894] poc.py
└── [1.4K] README.md

0 directories, 3 files
```