{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39975", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.150Z", "datePublished": "2025-10-15T07:55:56.951Z", "dateUpdated": "2025-10-15T07:55:56.951Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-15T07:55:56.951Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix wrong index reference in smb2_compound_op()\n\nIn smb2_compound_op(), the loop that processes each command's response\nuses wrong indices when accessing response bufferes.\n\nThis incorrect indexing leads to improper handling of command results.\nAlso, if incorrectly computed index is greather than or equal to\nMAX_COMPOUND, it can cause out-of-bounds accesses."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/smb2inode.c"], "versions": [{"version": "5ddcc9e92d54548219985ce4de88618fb53e14ec", "lessThan": "ba7bcfd52c66dd1c2dfa5142aca7e4a70b62dfa5", "status": "affected", "versionType": "git"}, {"version": "efe8db3ecaa40a8520dc9a54283dcecd82ceea9c", "lessThan": "bfb1e2aad1fecef8320fd71332acde0d53a8d699", "status": "affected", "versionType": "git"}, {"version": "3681c74d342db75b0d641ba60de27bf73e16e66b", "lessThan": "093615fc76063ea08d454ba86677ce64c736e806", "status": "affected", "versionType": "git"}, {"version": "3681c74d342db75b0d641ba60de27bf73e16e66b", "lessThan": "fbe2dc6a9c7318f7263f5e4d50f6272b931c5756", "status": "affected", "versionType": "git"}, {"version": "77aefd1d9b790f60634adebbdcfffbe934f41c34", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/smb2inode.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.109", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.50", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.10", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.75", "versionEndExcluding": "6.6.109"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.12", "versionEndExcluding": "6.12.50"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.16.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ba7bcfd52c66dd1c2dfa5142aca7e4a70b62dfa5"}, {"url": "https://git.kernel.org/stable/c/bfb1e2aad1fecef8320fd71332acde0d53a8d699"}, {"url": "https://git.kernel.org/stable/c/093615fc76063ea08d454ba86677ce64c736e806"}, {"url": "https://git.kernel.org/stable/c/fbe2dc6a9c7318f7263f5e4d50f6272b931c5756"}], "title": "smb: client: fix wrong index reference in smb2_compound_op()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix wrong index reference in smb2_compound_op()\n\nIn smb2_compound_op(), the loop that processes each command's response\nuses wrong indices when accessing response bufferes.\n\nThis incorrect indexing leads to improper handling of command results.\nAlso, if incorrectly computed index is greather than or equal to\nMAX_COMPOUND, it can cause out-of-bounds accesses."}], "id": "CVE-2025-39975", "lastModified": "2025-10-16T15:29:11.563", "metrics": {}, "published": "2025-10-15T08:15:35.273", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/093615fc76063ea08d454ba86677ce64c736e806"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ba7bcfd52c66dd1c2dfa5142aca7e4a70b62dfa5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bfb1e2aad1fecef8320fd71332acde0d53a8d699"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fbe2dc6a9c7318f7263f5e4d50f6272b931c5756"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: smb: client: fix wrong index reference in smb2_compound_op()", "id": "2404106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404106"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: fix wrong index reference in smb2_compound_op()\nIn smb2_compound_op(), the loop that processes each command's response\nuses wrong indices when accessing response bufferes.\nThis incorrect indexing leads to improper handling of command results.\nAlso, if incorrectly computed index is greather than or equal to\nMAX_COMPOUND, it can cause out-of-bounds accesses."], "name": "CVE-2025-39975", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-39975\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39975\nhttps://lore.kernel.org/linux-cve-announce/2025101557-CVE-2025-39975-d1a3@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-10-20T13:27:14.133378+00:00", "updated": "2025-10-20T13:27:14.133401+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}