VYPR
Get started
← All advisories
High severity7.1NVD Advisory· Published Oct 4, 2025· Updated Apr 6, 2026

CVE-2025-39943

CVE-2025-39943

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer

If data_offset and data_length of smb_direct_data_transfer struct are invalid, out of bounds issue could happen. This patch validate data_offset and data_length field in recv_done.

Affected products

9
  • Linux/Kernel9 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.15.1,<5.15.194
    • cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:5.15:rc7:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.17:rc6:*:*:*:*:*:*

Patches

6
773fddf976d2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
bdaab5c6538e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
eb0378dde086
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
8be498fcbd5b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
529b121b00a6
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
5282491fc49d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

News mentions

0

No linked articles in our index yet.