Linux Kernel Vulnerability in ksmbd SmbDirect Feature
CVE-2025-39942

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 October 2025

What is CVE-2025-39942?

A vulnerability has been identified in the Linux kernel's ksmbd module related to the smbdirect feature. The issue arises from inadequate verification of the remaining data length against the maximum allowable size for fragmented receive operations. This oversight could potentially allow for buffer overflow conditions or improper data handling, leading to various security risks. It is advised that users update their Linux kernel versions to mitigate exposure to this issue.

Affected Version(s)

Linux 2ea086e35c3d726a3bacd0a971c1f02a50e98206 < 196a3a7676d726ee67621ea2bf3b7815ac2685b4

Linux 2ea086e35c3d726a3bacd0a971c1f02a50e98206

Linux 2ea086e35c3d726a3bacd0a971c1f02a50e98206 < 9644798294c7287e65a7b26e35aa6d2ce3345bcc

References

https://git.kernel.org/stable/c/196a3a7676d726ee67621ea2b...

https://git.kernel.org/stable/c/d3cb3f209d35c44b7ee74f77e...

https://git.kernel.org/stable/c/9644798294c7287e65a7b26e3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON