VYPR
Unrated severityNVD Advisory· Published Oct 29, 2025· Updated Apr 15, 2026

CVE-2025-40084

CVE-2025-40084

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: transport_ipc: validate payload size before reading handle

handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing.

This is a minimal fix to guard the initial handle read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.