CVE-2025-39975

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

15/10/2025

Last modified:

16/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2_compound_op() In smb2_compound_op(), the loop that processes each command&#39;s response uses wrong indices when accessing response bufferes. This incorrect indexing leads to improper handling of command results. Also, if incorrectly computed index is greather than or equal to MAX_COMPOUND, it can cause out-of-bounds accesses.

Impact

References to Advisories, Solutions, and Tools

https://git.kernel.org/stable/c/093615fc76063ea08d454ba86677ce64c736e806
https://git.kernel.org/stable/c/ba7bcfd52c66dd1c2dfa5142aca7e4a70b62dfa5
https://git.kernel.org/stable/c/bfb1e2aad1fecef8320fd71332acde0d53a8d699
https://git.kernel.org/stable/c/fbe2dc6a9c7318f7263f5e4d50f6272b931c5756