Out Of Bounds Vulnerability in Linux Kernel Affecting SMB Direct Data Transfer
CVE-2025-39943

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 4 October 2025

What is CVE-2025-39943?

A vulnerability in the Linux kernel's implementation of SMB Direct allows for potential out-of-bounds issues. Specifically, the data_offset and data_length fields of the smb_direct_data_transfer structure may be exploited if they are invalid, which could lead to unintended behavior during data transfer operations. A patch has been applied that validates these fields in the recv_done function, addressing the risk of improper handling of the data parameters.
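The kind of validation described above can be sketched as follows. This is an added example, not the kernel patch or code from the original page: the struct layout, host byte order and the names example_transfer_hdr, checked_payload and make_packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the transfer header (assumption: host byte order,
 * only the two fields named in the advisory; not the kernel's layout). */
struct example_transfer_hdr {
    uint32_t data_offset;  /* payload start, counted from start of packet */
    uint32_t data_length;  /* payload size in bytes */
};

/* Return a pointer to the payload and store its length in *len, or return
 * NULL when the header describes bytes outside the received_len bytes. */
static const uint8_t *checked_payload(const uint8_t *pkt, size_t received_len,
                                      size_t *len)
{
    struct example_transfer_hdr hdr;

    if (received_len < sizeof(hdr))
        return NULL;                      /* header itself is truncated */
    memcpy(&hdr, pkt, sizeof(hdr));       /* avoid unaligned access */

    if (hdr.data_offset > received_len)
        return NULL;                      /* payload starts past the end */
    /* Compare against the remaining space instead of computing
     * data_offset + data_length, which can wrap around in 32 bits. */
    if (hdr.data_length > received_len - hdr.data_offset)
        return NULL;                      /* payload runs past the end */

    *len = hdr.data_length;
    return pkt + hdr.data_offset;
}

/* Build a constructed packet in buf (header + zero fill); returns buf. */
static uint8_t *make_packet(uint8_t *buf, size_t buf_len, uint32_t off, uint32_t dlen)
{
    struct example_transfer_hdr hdr = { off, dlen };
    memset(buf, 0, buf_len);
    memcpy(buf, &hdr, sizeof(hdr));
    return buf;
}

int main(void)
{
    uint8_t buf[64];
    size_t len = 0;
    /* Constructed inputs: one consistent header, one that wraps in 32 bits. */
    printf("valid:   %s\n", checked_payload(make_packet(buf, 64, 8, 56), 64, &len) ? "accepted" : "rejected");
    printf("wrapped: %s\n", checked_payload(make_packet(buf, 64, 16, 0xFFFFFFF8u), 64, &len) ? "accepted" : "rejected");
    return 0;
}
```

The second constructed header would pass a naive `data_offset + data_length <= received_len` comparison done in 32-bit arithmetic, which is why the check subtracts instead of adding.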

Affected Version(s)

Linux 2ea086e35c3d726a3bacd0a971c1f02a50e98206 < 773fddf976d282ef059c36c575ddb81567acd6bc

Linux 2ea086e35c3d726a3bacd0a971c1f02a50e98206

