{"id":"CVE-2025-38728","summary":"smb3: fix for slab out of bounds on mount to ksmbd","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix for slab out of bounds on mount to ksmbd\n\nWith KASAN enabled, it is possible to get a slab out of bounds\nduring mount to ksmbd due to missing check in parse_server_interfaces()\n(see below):\n\n BUG: KASAN: slab-out-of-bounds in\n parse_server_interfaces+0x14ee/0x1880 [cifs]\n Read of size 4 at addr ffff8881433dba98 by task mount/9827\n\n CPU: 5 UID: 0 PID: 9827 Comm: mount Tainted: G\n OE       6.16.0-rc2-kasan #2 PREEMPT(voluntary)\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: Dell Inc. Precision Tower 3620/0MWYPT,\n BIOS 2.13.1 06/14/2019\n Call Trace:\n  \u003cTASK\u003e\n dump_stack_lvl+0x9f/0xf0\n print_report+0xd1/0x670\n __virt_addr_valid+0x22c/0x430\n ? parse_server_interfaces+0x14ee/0x1880 [cifs]\n ? kasan_complete_mode_report_info+0x2a/0x1f0\n ? parse_server_interfaces+0x14ee/0x1880 [cifs]\n   kasan_report+0xd6/0x110\n   parse_server_interfaces+0x14ee/0x1880 [cifs]\n   __asan_report_load_n_noabort+0x13/0x20\n   parse_server_interfaces+0x14ee/0x1880 [cifs]\n ? __pfx_parse_server_interfaces+0x10/0x10 [cifs]\n ? trace_hardirqs_on+0x51/0x60\n SMB3_request_interfaces+0x1ad/0x3f0 [cifs]\n ? __pfx_SMB3_request_interfaces+0x10/0x10 [cifs]\n ? SMB2_tcon+0x23c/0x15d0 [cifs]\n smb3_qfs_tcon+0x173/0x2b0 [cifs]\n ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]\n ? cifs_get_tcon+0x105d/0x2120 [cifs]\n ? do_raw_spin_unlock+0x5d/0x200\n ? cifs_get_tcon+0x105d/0x2120 [cifs]\n ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]\n cifs_mount_get_tcon+0x369/0xb90 [cifs]\n ? dfs_cache_find+0xe7/0x150 [cifs]\n dfs_mount_share+0x985/0x2970 [cifs]\n ? check_path.constprop.0+0x28/0x50\n ? save_trace+0x54/0x370\n ? __pfx_dfs_mount_share+0x10/0x10 [cifs]\n ? __lock_acquire+0xb82/0x2ba0\n ? __kasan_check_write+0x18/0x20\n cifs_mount+0xbc/0x9e0 [cifs]\n ? __pfx_cifs_mount+0x10/0x10 [cifs]\n ? do_raw_spin_unlock+0x5d/0x200\n ? cifs_setup_cifs_sb+0x29d/0x810 [cifs]\n cifs_smb3_do_mount+0x263/0x1990 [cifs]","aliases":["ECHO-ef08-08ab-0264"],"modified":"2026-04-21T02:27:40.152604312Z","published":"2025-09-04T15:33:26.039Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:20012-1","SUSE-SU-2026:20015-1","SUSE-SU-2026:20021-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2025:20172-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38728.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/7d34ec36abb84fdfb6632a0f2cbda90379ae21fc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8de33d4d72e8fae3502ec3850bd7b14e7c7328b6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9bdb8e98a0073c73ab3e6c631ec78877ceb64565"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a0620e1525663edd8c4594f49fb75fe5be4724b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a542f93a123555d09c3ce8bc947f7b56ad8e6463"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f6eda5b0e8f8123564c5b34f5801d63243032eac"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38728.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38728"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fe856be475f7cf5ffcde57341d175ce9fd09434b"},{"fixed":"9bdb8e98a0073c73ab3e6c631ec78877ceb64565"},{"fixed":"a0620e1525663edd8c4594f49fb75fe5be4724b0"},{"fixed":"8de33d4d72e8fae3502ec3850bd7b14e7c7328b6"},{"fixed":"a542f93a123555d09c3ce8bc947f7b56ad8e6463"},{"fixed":"f6eda5b0e8f8123564c5b34f5801d63243032eac"},{"fixed":"7d34ec36abb84fdfb6632a0f2cbda90379ae21fc"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38728.json"}}],"schema_version":"1.7.5"}