Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read.

INFO

Published Date :

2025-10-29T13:37:03.185Z

Last Modified :

2025-12-01T06:17:41.201Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40084 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40084.

URL Resource
https://git.kernel.org/stable/c/2dc125f5da134c0915a840b62565c60a595673dd cve-icon cve-icon
https://git.kernel.org/stable/c/6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0 cve-icon cve-icon
https://git.kernel.org/stable/c/867ffd9d67285612da3f0498ca618297f8e41f01 cve-icon cve-icon
https://git.kernel.org/stable/c/898d527ed94c19980a4d848f10057f1fed578ffb cve-icon cve-icon
https://git.kernel.org/stable/c/a02e432d5130da4c723aabe1205bac805889fdb2 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025102909-CVE-2025-40084-1407@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40084 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40084 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact