CVE-2025-39933

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-39933

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39933.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-39933

Downstream

BELL-CVE-2025-39933

DEBIAN-CVE-2025-39933

ECHO-5456-532e-b855

RHSA-2026:0759

RHSA-2026:0760

RHSA-2026:0793

RHSA-2026:1727

RHSA-2026:2282

RHSA-2026:2759

RHSA-2026:2766

RHSA-2026:3267

RHSA-2026:3268

RHSA-2026:3277

RHSA-2026:3293

RHSA-2026:3358

RHSA-2026:3360

RHSA-2026:3375

RLSA-2026:0759

RLSA-2026:0760

RLSA-2026:0793

RLSA-2026:2282

ROOT-OS-DEBIAN-11-CVE-2025-39933

ROOT-OS-DEBIAN-12-CVE-2025-39933

ROOT-OS-DEBIAN-13-CVE-2025-39933

ROOT-OS-UBUNTU-2204-CVE-2025-39933

ROOT-OS-UBUNTU-2404-CVE-2025-39933

UBUNTU-CVE-2025-39933

Related

Published

2025-10-04T07:30:57.496Z

Modified

2026-03-20T12:43:06.665379Z

Summary

smb: client: let recv_done verify data_offset, data_length and remaining_data_length

Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: let recvdone verify dataoffset, datalength and remainingdata_length

This is inspired by the related server fixes.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39933.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f198186aa9bbd60fae7a2061f4feec614d880299

Fixed

581fb78e0388b78911b0c920e4073737090c8b5f

Fixed

f57e53ea252363234f86674db475839e5b87102e

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39933.json"