CVE-2025-39942 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size

This is inspired by the check for data_offset + data_length.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/196a3a7676d726ee67621ea2bf3b7815ac2685b4
https://git.kernel.org/stable/c/9644798294c7287e65a7b26e35aa6d2ce3345bcc
https://git.kernel.org/stable/c/c64b915bb3d9339adcae5db4be2c35ffbef5e615
https://git.kernel.org/stable/c/d3cb3f209d35c44b7ee74f77ed27ebb28995b9ce
https://git.kernel.org/stable/c/e1868ba37fd27c6a68e31565402b154beaa65df0

History

Sat, 04 Oct 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size This is inspired by the check for data_offset + data_length.
Title		ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size
References		https://git.kernel.org/stable/c/196a3a7676d726ee67621ea2bf3b7815ac2685b4 https://git.kernel.org/stable/c/9644798294c7287e65a7b26e35aa6d2ce3345bcc https://git.kernel.org/stable/c/c64b915bb3d9339adcae5db4be2c35ffbef5e615 https://git.kernel.org/stable/c/d3cb3f209d35c44b7ee74f77ed27ebb28995b9ce https://git.kernel.org/stable/c/e1868ba37fd27c6a68e31565402b154beaa65df0

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-04T07:31:04.810Z

Updated: 2025-10-04T07:31:04.810Z

Reserved: 2025-04-16T07:20:57.148Z

Link: CVE-2025-39942

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-04T08:15:47.230

Modified: 2025-10-04T08:15:47.230

Link: CVE-2025-39942

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39942", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.148Z", "datePublished": "2025-10-04T07:31:04.810Z", "dateUpdated": "2025-10-04T07:31:04.810Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-04T07:31:04.810Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size\n\nThis is inspired by the check for data_offset + data_length."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/transport_rdma.c"], "versions": [{"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "196a3a7676d726ee67621ea2bf3b7815ac2685b4", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "d3cb3f209d35c44b7ee74f77ed27ebb28995b9ce", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "9644798294c7287e65a7b26e35aa6d2ce3345bcc", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "c64b915bb3d9339adcae5db4be2c35ffbef5e615", "status": "affected", "versionType": "git"}, {"version": "2ea086e35c3d726a3bacd0a971c1f02a50e98206", "lessThan": "e1868ba37fd27c6a68e31565402b154beaa65df0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/transport_rdma.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.154", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.108", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.49", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.9", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.154"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.108"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.12.49"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.16.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/196a3a7676d726ee67621ea2bf3b7815ac2685b4"}, {"url": "https://git.kernel.org/stable/c/d3cb3f209d35c44b7ee74f77ed27ebb28995b9ce"}, {"url": "https://git.kernel.org/stable/c/9644798294c7287e65a7b26e35aa6d2ce3345bcc"}, {"url": "https://git.kernel.org/stable/c/c64b915bb3d9339adcae5db4be2c35ffbef5e615"}, {"url": "https://git.kernel.org/stable/c/e1868ba37fd27c6a68e31565402b154beaa65df0"}], "title": "ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size", "x_generator": {"engine": "bippy-1.2.0"}}}}