VYPR
Unrated severity · NVD Advisory · Published Oct 30, 2025 · Updated Apr 15, 2026

CVE-2025-40099

Description

In the Linux kernel, the following vulnerability has been resolved:

cifs: parse_dfs_referrals: prevent oob on malformed input

Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS

- reply smaller than sizeof(struct get_dfs_referral_rsp)
- reply with number of referrals smaller than NumberOfReferrals in the header

Processing of such replies will cause oob.

Return -EINVAL error on such replies to prevent oob-s.
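
The two malformed-reply cases listed above, as a user-space C sketch of the length checks a parser needs before it reads any referral entry. This is an added example, not the kernel patch or code from the advisory: `dfs_rsp_validate`, `get_le16` and the two size constants are hypothetical names, and the 8-byte header and fixed 34-byte entry size are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes for this sketch (not taken from the kernel source):
 * 8-byte header = PathConsumed(2) + NumberOfReferrals(2) + flags(4),
 * followed by fixed-size referral entries. */
#define DFS_RSP_HDR_LEN   8u
#define DFS_REF_ENTRY_LEN 34u

/* Read a little-endian u16 without assuming alignment. */
static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/*
 * Validate an untrusted referral reply before any entry is touched.
 * Returns 0 and stores the referral count, or -EINVAL when the buffer
 * cannot hold the header or the number of entries the header claims.
 */
int dfs_rsp_validate(const uint8_t *buf, size_t len, uint16_t *nrefs)
{
    uint16_t n;

    /* Case 1: reply shorter than the fixed header. */
    if (len < DFS_RSP_HDR_LEN)
        return -EINVAL;

    n = get_le16(buf + 2);   /* NumberOfReferrals */
    /* Case 2: header claims more entries than the bytes received.
     * Divide rather than multiply so the check cannot overflow. */
    if (n > (len - DFS_RSP_HDR_LEN) / DFS_REF_ENTRY_LEN)
        return -EINVAL;

    *nrefs = n;
    return 0;
}

int main(void)
{
    /* Constructed sample: header claims 2 referrals, no entries follow. */
    const uint8_t lying[DFS_RSP_HDR_LEN] = { 0, 0, 2, 0, 0, 0, 0, 0 };
    uint16_t n = 0;

    printf("%d\n", dfs_rsp_validate(lying, sizeof(lying), &n));
    return 0;
}
```

Both checks run before the entry loop, so a count supplied by the server is never used as a loop bound until it has been reconciled with the number of bytes actually received.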

Affected products: 110

References: 5
