{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-05T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: cifs: Fix oops due to uninitialised variable",
    "id" : "2393527",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2393527"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-908",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncifs: Fix oops due to uninitialised variable\nFix smb3_init_transform_rq() to initialise buffer to NULL before calling\nnetfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it\nis given.  Setting it to NULL means it should start a fresh buffer, but the\nvalue is currently undefined." ],
  "statement" : "An unprivileged local user with access to an SMB3 share with encryption enabled can trigger this vulnerability through normal file operations, which due to the encryption will cause transform requests (i.e. encryption/decryption operations).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-12-09T00:00:00Z",
    "advisory" : "RHSA-2025:22854",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.20.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2025-12-10T00:00:00Z",
    "advisory" : "RHSA-2025:23009",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "kernel-0:6.12.0-55.48.1.el10_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38737\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38737\nhttps://lore.kernel.org/linux-cve-announce/2025090544-CVE-2025-38737-4cde@gregkh/T" ],
  "name" : "CVE-2025-38737",
  "csaw" : false
}