CVE-2025-40099
Essential information
- Published
- 30/10/2025 10:15
- Modified
- 30/10/2025 15:03
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
In the Linux kernel, the following vulnerability has been resolved:
cifs: parse_dfs_referrals: prevent oob on malformed input
Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS
- reply smaller than sizeof(struct get_dfs_referral_rsp)
- reply with number of referrals smaller than NumberOfReferrals in the
header
Processing of such replies will cause oob.
Return -EINVAL error on such replies to prevent oob-s.
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux / common internet file system | cpe:2.3:a:linux:common_internet_file_system:*:*:*:*:*:*:*:* |