CVE-2025-39933

Опубликовано: 04 окт. 2025

Источник: redhat

CVSS3: 7.1

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.

Отчет

SMB Direct client failed to validate data_offset, data_length, and remaining_data_length in SMBD “data transfer” messages. A malicious server can craft values that cause out-of-bounds access in the kernel receive path, leading to memory corruption and potential code execution. A malicious SMB Direct server can trigger a kernel crash on a connected and authenticated Linux client by sending malformed data transfer packets over an active RDMA session.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Affected
Red Hat Enterprise Linux 10	kernel	Fixed	RHSA-2026:2282	09.02.2026
Red Hat Enterprise Linux 10.0 Extended Update Support	kernel	Fixed	RHSA-2026:1727	02.02.2026
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2026:0760	19.01.2026
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2026:0759	19.01.2026
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	kernel	Fixed	RHSA-2026:3360	25.02.2026
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	kernel	Fixed	RHSA-2026:3360	25.02.2026

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2401432kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

EPSS

Процентиль: 5%

0.00018

Низкий

7.1 High

CVSS3

Связанные уязвимости

CVE-2025-39933

CVSS3: 5.5

ubuntu

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.

CVE-2025-39933

CVSS3: 5.5

nvd

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.

CVE-2025-39933

msrc

6 месяцев назад

smb: client: let recv_done verify data_offset, data_length and remaining_data_length

CVE-2025-39933

CVSS3: 5.5

debian

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: s ...

GHSA-2vj6-wmm6-q722

CVSS3: 5.5

github

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.

EPSS

Процентиль: 5%

0.00018

Низкий

7.1 High

CVSS3