CVE-2025-39943 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer If data_offset and data_length of smb_direct_data_transfer struct are invalid, out of bounds issue could happen. This patch validate data_offset and data_length field in recv_done.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/5282491fc49d5614ac6ddcd012e5743eecb6a67c
https://git.kernel.org/stable/c/529b121b00a6ee3c88fb3c01b443b2b81f686d48
https://git.kernel.org/stable/c/773fddf976d282ef059c36c575ddb81567acd6bc
https://git.kernel.org/stable/c/8be498fcbd5b07272f560b45981d4b9e5a2ad885
https://git.kernel.org/stable/c/bdaab5c6538e250a9654127e688ecbbeb6f771d5
https://git.kernel.org/stable/c/eb0378dde086363046ed3d7db7f126fc3f76fd70

History

Sat, 04 Oct 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer If data_offset and data_length of smb_direct_data_transfer struct are invalid, out of bounds issue could happen. This patch validate data_offset and data_length field in recv_done.
Title		ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
References		https://git.kernel.org/stable/c/5282491fc49d5614ac6ddcd012e5743eecb6a67c https://git.kernel.org/stable/c/529b121b00a6ee3c88fb3c01b443b2b81f686d48 https://git.kernel.org/stable/c/773fddf976d282ef059c36c575ddb81567acd6bc https://git.kernel.org/stable/c/8be498fcbd5b07272f560b45981d4b9e5a2ad885 https://git.kernel.org/stable/c/bdaab5c6538e250a9654127e688ecbbeb6f771d5 https://git.kernel.org/stable/c/eb0378dde086363046ed3d7db7f126fc3f76fd70

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-04T07:31:05.581Z

Updated: 2025-10-04T07:37:03.203Z

Reserved: 2025-04-16T07:20:57.148Z

Link: CVE-2025-39943

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-04T08:15:47.357

Modified: 2025-10-04T08:15:47.357

Link: CVE-2025-39943

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39943", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.148Z", "datePublished": "2025-10-04T07:31:05.581Z", "dateUpdated": "2025-10-04T07:37:03.203Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-04T07:37:03.203Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer\n\nIf data_offset and data_length of smb_direct_data_transfer struct are\ninvalid, out of bounds issue could happen.\nThis patch validate data_offset and data_length field in recv_done."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/transport_rdma.c"], "versions": [{"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "773fddf976d282ef059c36c575ddb81567acd6bc", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "bdaab5c6538e250a9654127e688ecbbeb6f771d5", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "eb0378dde086363046ed3d7db7f126fc3f76fd70", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "8be498fcbd5b07272f560b45981d4b9e5a2ad885", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "529b121b00a6ee3c88fb3c01b443b2b81f686d48", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "5282491fc49d5614ac6ddcd012e5743eecb6a67c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/transport_rdma.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.194", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.154", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.108", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.49", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.9", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "5.15.194"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.154"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.108"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.12.49"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.16.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/773fddf976d282ef059c36c575ddb81567acd6bc"}, {"url": "https://git.kernel.org/stable/c/bdaab5c6538e250a9654127e688ecbbeb6f771d5"}, {"url": "https://git.kernel.org/stable/c/eb0378dde086363046ed3d7db7f126fc3f76fd70"}, {"url": "https://git.kernel.org/stable/c/8be498fcbd5b07272f560b45981d4b9e5a2ad885"}, {"url": "https://git.kernel.org/stable/c/529b121b00a6ee3c88fb3c01b443b2b81f686d48"}, {"url": "https://git.kernel.org/stable/c/5282491fc49d5614ac6ddcd012e5743eecb6a67c"}], "title": "ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer", "x_generator": {"engine": "bippy-1.2.0"}}}}