CVE-2025-39933
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-10-04
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
smb: client: let recv_done verify data_offset, data_length and remaining_data_length
This is inspired by the related server fixes.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.16 (inc) to 6.16.9 (exc) |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's SMB client involves improper verification of data_offset, data_length, and remaining_data_length in the recv_done function. The fix ensures these values are properly checked to prevent potential issues.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to incorrect handling of SMB client data, potentially causing data corruption, crashes, or security issues related to improper data processing.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70