216.73.217.86

CVE-2025-40099

· Published 30/10/2025 10:15 · Modified 30/10/2025 15:03

Labels: CVE-2025-40099 2025-10-30416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2025-40099

Essential information

Published
30/10/2025 10:15
Modified
30/10/2025 15:03
Author
Creator
CISA KEV
No
CWE

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of referrals smaller than NumberOfReferrals in the header Processing of such replies will cause oob. Return -EINVAL error on such replies to prevent oob-s.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / common internet file system cpe:2.3:a:linux:common_internet_file_system:*:*:*:*:*:*:*:*

References