Description

In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow heap buffers. The issue occurs because: - usb9pfs_rx_header() validates only the declared size in packet header - usb9pfs_rx_complete() uses req->actual (actual received bytes) for memcpy This allows an attacker to craft packets with small declared size (bypassing validation) but large actual payload (triggering overflow in memcpy). Add validation in usb9pfs_rx_complete() to ensure req->actual does not exceed the buffer capacity before copying data.

INFO

Published Date :

2025-10-20T05:26:08.787Z

Last Modified :

2025-12-01T06:16:17.602Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40004 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40004.

URL Resource
https://git.kernel.org/stable/c/0da18d49f874d444ad83c8a546fa33bfcf2f582c cve-icon cve-icon
https://git.kernel.org/stable/c/c04db81cd0288dfc68b7a0f7d09bd49b40bba451 cve-icon cve-icon
https://git.kernel.org/stable/c/df8462f0fc045b4475dc494a5787a03c972ba2a2 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025102012-CVE-2025-40004-a709@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40004 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40004 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact