CVE-2025-40084

Published: Oct 29, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read.

Vendor	Product	Versions
Linux	Linux	affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < a02e432d5130da4c723aabe1205bac805889fdb2` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 2dc125f5da134c0915a840b62565c60a595673dd` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 898d527ed94c19980a4d848f10057f1fed578ffb` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 867ffd9d67285612da3f0498ca618297f8e41f01` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0`
Linux	Linux	affected `5.15` unaffected `0 - < 5.15` unaffected `6.1.158 - <= 6.1.` unaffected `6.6.115 - <= 6.6.` unaffected `6.12.56 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/a02e432d5130da4c723aabe1205bac805889fdb2

https://git.kernel.org/stable/c/2dc125f5da134c0915a840b62565c60a595673dd

https://git.kernel.org/stable/c/898d527ed94c19980a4d848f10057f1fed578ffb

https://git.kernel.org/stable/c/867ffd9d67285612da3f0498ca618297f8e41f01

https://git.kernel.org/stable/c/6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40084

Description

Affected Products

References