CVE-2025-39943

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-39943
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39943.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39943
Downstream
Published
2025-10-04T07:31:05.581Z
Modified
2026-05-28T03:54:47.325929041Z
Summary
ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: smbdirect: validate dataoffset and datalength field of smbdirectdata_transfer

If dataoffset and datalength of smbdirectdatatransfer struct are invalid, out of bounds issue could happen. This patch validate dataoffset and datalength field in recvdone.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39943.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2ea086e35c3d726a3bacd0a971c1f02a50e98206
Fixed
773fddf976d282ef059c36c575ddb81567acd6bc
Fixed
bdaab5c6538e250a9654127e688ecbbeb6f771d5
Fixed
eb0378dde086363046ed3d7db7f126fc3f76fd70
Fixed
8be498fcbd5b07272f560b45981d4b9e5a2ad885
Fixed
529b121b00a6ee3c88fb3c01b443b2b81f686d48
Fixed
5282491fc49d5614ac6ddcd012e5743eecb6a67c

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39943.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.194
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.154
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.108
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.49
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.16.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39943.json"