Linux Kernel SMB Client Data Verification Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SMB client has been addressed: the 'recv_done' function now properly verifies the 'data_offset', 'data_length', and 'remaining_data_length' parameters. The fix was inspired by similar fixes implemented on the server side.
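
The kind of check described above, as an added illustration that is not the kernel's recv_done code. The field offsets follow the SMB Direct Data Transfer header in MS-SMBD; `smbd_verify`, `make_pkt`, the verdict names and the `max_total` reassembly limit are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets in the MS-SMBD Data Transfer header (little-endian on the wire). */
enum { OFF_REMAINING = 8, OFF_DATA_OFFSET = 12, OFF_DATA_LENGTH = 16, FIXED_LEN = 20 };
enum smbd_verdict { SMBD_OK, SMBD_SHORT, SMBD_BAD_OFFSET, SMBD_BAD_LENGTH, SMBD_TOO_LARGE };

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed sample input: zero the buffer, then write the three length fields. */
void make_pkt(uint8_t *buf, size_t cap, uint32_t remaining, uint32_t offset, uint32_t length)
{
    uint32_t v[3] = { remaining, offset, length };
    memset(buf, 0, cap);
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            buf[OFF_REMAINING + 4 * i + b] = (uint8_t)(v[i] >> (8 * b));
}

/* recv_len: bytes actually received; max_total: assumed limit for a reassembled message. */
enum smbd_verdict smbd_verify(const uint8_t *pkt, uint32_t recv_len, uint32_t max_total)
{
    if (recv_len < FIXED_LEN)
        return SMBD_SHORT;                      /* header fields not fully present */
    uint32_t remaining = get_le32(pkt + OFF_REMAINING);
    uint32_t offset = get_le32(pkt + OFF_DATA_OFFSET);
    uint32_t length = get_le32(pkt + OFF_DATA_LENGTH);

    if ((length != 0 && offset < FIXED_LEN) || offset > recv_len)
        return SMBD_BAD_OFFSET;                 /* payload overlaps header or starts past the end */
    if ((uint64_t)offset + length > recv_len)   /* 64-bit sum so a huge length cannot wrap */
        return SMBD_BAD_LENGTH;
    if ((uint64_t)remaining + length > max_total)
        return SMBD_TOO_LARGE;                  /* peer announces more than we will reassemble */
    return SMBD_OK;
}

int main(void)
{
    uint8_t pkt[32];
    make_pkt(pkt, sizeof pkt, 0, 24, 0xFFFFFFF0u); /* 24 + length wraps to 8 in 32-bit math */
    printf("verdict=%d\n", smbd_verify(pkt, sizeof pkt, 1024));
    return 0;
}
```

The sample in `main` is the case a 32-bit `offset + length` comparison would miss: the sum wraps to a small value that looks in-bounds, while the 64-bit comparison rejects it.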

Impact

The vulnerability could lead to improper handling of SMB Direct data transfer packets, potentially allowing for data corruption or mismanagement during the transfer process.

Added: Oct 4, 2025, 8:40 AM
Updated: Oct 4, 2025, 8:40 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.6
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.