CVE-2025-39943

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer

If data_offset and data_length of smb_direct_data_transfer struct are invalid, out of bounds issue could happen. This patch validate data_offset and data_length field in recv_done.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2ea086e35c3d726a3bacd0a971c1f02a50e98206 < 773fddf976d282ef059c36c575ddb81567acd6bcaffected
LinuxLinux2ea086e35c3d726a3bacd0a971c1f02a50e98206 < bdaab5c6538e250a9654127e688ecbbeb6f771d5affected
LinuxLinux2ea086e35c3d726a3bacd0a971c1f02a50e98206 < eb0378dde086363046ed3d7db7f126fc3f76fd70affected
LinuxLinux2ea086e35c3d726a3bacd0a971c1f02a50e98206 < 8be498fcbd5b07272f560b45981d4b9e5a2ad885affected
LinuxLinux2ea086e35c3d726a3bacd0a971c1f02a50e98206 < 529b121b00a6ee3c88fb3c01b443b2b81f686d48affected
LinuxLinux2ea086e35c3d726a3bacd0a971c1f02a50e98206 < 5282491fc49d5614ac6ddcd012e5743eecb6a67caffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.194 <= 5.15.*unaffected
LinuxLinux6.1.154 <= 6.1.*unaffected
LinuxLinux6.6.108 <= 6.6.*unaffected
LinuxLinux6.12.49 <= 6.12.*unaffected
LinuxLinux6.16.9 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References