CVE-2025-39933

Summary

In the Linux kernel, the following vulnerability has been resolved:

smb: client: let recv_done verify data_offset, data_length and remaining_data_length

This is inspired by the related server fixes.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf198186aa9bbd60fae7a2061f4feec614d880299 < 581fb78e0388b78911b0c920e4073737090c8b5faffected
LinuxLinuxf198186aa9bbd60fae7a2061f4feec614d880299 < f57e53ea252363234f86674db475839e5b87102eaffected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux6.16.9 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References