CVE-2025-40004
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-21
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the Linux kernel's USB 9pfs transport layer. It happens because the code validates the declared size in a packet header but does not properly check the actual size of the data received before copying it. An attacker can send a packet with a small declared size but a large actual payload, causing the system to overflow heap buffers when copying data, potentially leading to memory corruption.
How can this vulnerability impact me?
This vulnerability can allow a malicious USB host to overflow heap buffers in the Linux kernel, which may lead to memory corruption. This could potentially be exploited to cause system crashes, data corruption, or execution of arbitrary code with kernel privileges, impacting system stability and security.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version in which the buffer overflow in the USB 9pfs transport layer has been fixed. The fix adds validation in usb9pfs_rx_complete() to ensure that the number of bytes actually received does not exceed the buffer capacity before the data is copied, which prevents the overflow. Until the update is applied, avoid connecting to untrusted or potentially malicious USB hosts that could exploit this vulnerability.
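The check described in the answers above, modelled in userspace C as an added example (this is not the kernel's code or the actual patch; the struct, function names, status codes and the 16-byte capacity are assumptions). The header's declared size is validated, and the number of bytes actually received is bounded separately against the buffer before the copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace model only: names and sizes are hypothetical, not kernel code. */
#define HDR_LEN 7u                 /* 9P header: size[4] type[1] tag[2] */
enum { RX_OK = 0, RX_BAD_HEADER = -1, RX_TOO_BIG = -2 };

struct rx_buf {
    uint8_t data[16];              /* constructed capacity for the demo */
    size_t  len;                   /* bytes stored by the last copy */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* wire/actual: what the transport really delivered, not what the header says. */
int rx_complete_checked(struct rx_buf *rc, const uint8_t *wire, size_t actual)
{
    if (actual < HDR_LEN)
        return RX_BAD_HEADER;
    uint32_t declared = le32(wire);
    /* Header check: on its own this says nothing about `actual`. */
    if (declared < HDR_LEN || declared > sizeof(rc->data))
        return RX_BAD_HEADER;
    /* Bound the copy length itself against the destination capacity. */
    if (actual > sizeof(rc->data))
        return RX_TOO_BIG;
    memcpy(rc->data, wire, actual);
    rc->len = actual;
    return RX_OK;
}

/* Constructed sample: header declares `declared` bytes, transfer has `actual`. */
int demo(uint32_t declared, size_t actual)
{
    uint8_t wire[64] = {0};
    struct rx_buf rc = { .len = 0 };
    if (actual > sizeof(wire))
        return RX_TOO_BIG;
    for (int i = 0; i < 4; i++)    /* little-endian size field */
        wire[i] = (uint8_t)(declared >> (8 * i));
    return rx_complete_checked(&rc, wire, actual);
}
```

`demo(8, 64)` is the case the page describes: a small declared size with a larger transfer, which passes the header check and is rejected only by the second bound.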