CVE-2025-39942

MEDIUMNVD 5.55.5—

5.5

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size

This is inspired by the check for data_offset + data_length.

CVSS v3: 5.5
EG Score: 5.5(medium)
EPSS: 3.1%
KEV: Not listed

Published

October 4, 2025

Last Modified

March 25, 2026

References (5)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/196a3a7676d726ee67621ea2bf3b7815ac2685b4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9644798294c7287e65a7b26e35aa6d2ce3345bcc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c64b915bb3d9339adcae5db4be2c35ffbef5e615
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d3cb3f209d35c44b7ee74f77ed27ebb28995b9ce
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e1868ba37fd27c6a68e31565402b154beaa65df0

Patch Availability(10)

Vendor / Ecosystem	Fixed in / Patch	Released	Source
ubuntu	linux-virtual-hwe-22.04-edge (6.8.0-106.106~22.04.1) @ jammy	2026-05-29	ubuntu
ubuntu	linux-tools-nvidia-lowlatency-64k-6.8 (6.8.0-1049.52.1) @ noble	2026-05-29	ubuntu
ubuntu	linux-tools-gcp-fips-6.8 (6.8.0-1052.55+fips1) @ noble	2026-05-29	ubuntu
ubuntu	linux-tools-raspi-realtime-6.8 (6.8.0-2040.41) @ noble	2026-05-29	ubuntu
ubuntu	linux-tools-realtime-6.8.1 (6.8.1-1045.46) @ noble	2026-05-29	ubuntu
ubuntu	linux-tools-aws-edge (6.8.0-1050.53~22.04.1) @ jammy	2026-05-29	ubuntu
ubuntu	linux-tools-azure-edge (6.8.0-1051.57~22.04.1) @ jammy	2026-05-29	ubuntu
ubuntu	linux-tools-azure-lts-24.04 (6.8.0-1051.57) @ noble	2026-05-29	ubuntu
ubuntu	linux-tools-azure-fips-6.8 (6.8.0-1052.58+fips1) @ noble	2026-05-29	ubuntu
ubuntu	linux-xilinx-zynqmp (6.8.0.1029.30) @ noble	2026-05-29	ubuntu

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

All Vendor Advisories

(11)

Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.

Data Freshness Timeline

(refreshed 8× in last 7d / 29× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

2026-06-16 17:52 UTCEPSS rescore
2026-06-16 17:52 UTCEPSS rescore
2026-06-14 23:17 UTCEPSS rescore
2026-06-13 23:00 UTCEPSS rescore
2026-06-12 23:11 UTCEPSS rescore
2026-06-11 14:00 UTCEPSS rescore
2026-06-10 22:18 UTCEPSS rescore
2026-06-10 13:22 UTCEPSS rescore
2026-06-08 14:16 UTCEPSS rescore
2026-06-08 14:16 UTCEPSS rescore
2026-06-07 15:24 UTCEPSS rescore
2026-06-06 13:47 UTCEPSS rescore
2026-06-06 13:47 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-05 06:10 UTCEPSS rescore
2026-06-05 06:10 UTCEPSS rescore
2026-06-04 13:12 UTCEPSS rescore
2026-06-04 13:12 UTCEPSS rescore
2026-06-02 20:12 UTCEPSS rescore
2026-06-01 13:51 UTCEPSS rescore
2026-06-01 13:51 UTCEPSS rescore
2026-05-31 22:30 UTCEPSS rescore
2026-05-31 22:30 UTCEPSS rescore
2026-05-31 00:16 UTCEPSS rescore

Show 4 more

2026-05-29 21:32 UTCEG score recompute
2026-05-29 21:32 UTCVendor advisory
2026-05-29 21:32 UTCGHSA enrichment
2026-05-29 13:44 UTCEPSS rescore

Frequently asked(5)

What is CVE-2025-39942?

CVE-2025-39942 is a medium vulnerability published on October 4, 2025. In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: verify remainingdatalength respects maxfragmentedrecv_size This is inspired by the check for dataoffset + datalength.

When was CVE-2025-39942 disclosed?

CVE-2025-39942 was first published in the National Vulnerability Database on October 4, 2025, with the most recent update on March 25, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2025-39942 actively exploited?

CVE-2025-39942 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 3.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2025-39942?

CVE-2025-39942 has a CVSS v3 base score of 5.5 (NVD).

How do I remediate CVE-2025-39942?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2025-39942, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2025-39942

Explore →

Is Your Infrastructure Affected by CVE-2025-39942?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs