CVE-2025-40084
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-03
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ksmbd component, specifically in the transport_ipc module. The function handle_response() reads a 4-byte handle from a payload without first verifying that the payload size is at least 4 bytes. If a malformed or truncated message is received, this can cause the function to read beyond the actual payload size, potentially leading to memory corruption or other unintended behavior. The fix involves validating the payload size before reading the handle.
How can this vulnerability impact me?
The vulnerability can lead to a 4-byte read past the declared payload size when processing malformed or truncated messages. This could cause memory corruption, which might be exploited to cause crashes, data leaks, or potentially arbitrary code execution depending on the context and further exploitation.
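The missing size check described above, modelled in user-space C as an added example; this is not the kernel's ksmbd code or the upstream patch. The `struct ipc_msg` layout, the `_unchecked`/`_checked` function names, the 16-byte buffer and the `-EINVAL` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of an IPC response: a receive buffer plus the
 * payload size declared by the sender. Not the kernel's structures. */
struct ipc_msg {
    size_t payload_sz;          /* bytes the sender claims are valid */
    unsigned char payload[16];  /* backing buffer, may hold stale data */
};

/* Pattern described on the page: the 4-byte handle is read without
 * checking that the declared payload is at least 4 bytes long. */
static int handle_response_unchecked(const struct ipc_msg *m, uint32_t *handle)
{
    memcpy(handle, m->payload, sizeof(*handle));
    return 0;
}

/* Hardened form: validate the payload size before reading the handle. */
static int handle_response_checked(const struct ipc_msg *m, uint32_t *handle)
{
    if (m->payload_sz < sizeof(*handle))
        return -EINVAL;         /* truncated or malformed message */
    memcpy(handle, m->payload, sizeof(*handle));
    return 0;
}

/* Constructed input: 2 declared bytes followed by stale 0xAA bytes. */
static struct ipc_msg make_truncated(void)
{
    struct ipc_msg m;
    memset(m.payload, 0xAA, sizeof(m.payload));
    m.payload[0] = 0x01;
    m.payload[1] = 0x02;
    m.payload_sz = 2;
    return m;
}

int main(void)
{
    struct ipc_msg m = make_truncated();
    uint32_t h = 0;
    handle_response_unchecked(&m, &h);   /* handle now includes stale bytes */
    printf("unchecked handle: 0x%08x\n", (unsigned)h);
    printf("checked rc: %d\n", handle_response_checked(&m, &h));
    return 0;
}
```

In this model the over-read stays inside the 16-byte backing array so the program is well defined; the point is that two of the four handle bytes come from outside the declared payload.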