CVE-2025-40099
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-30

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of referrals smaller than NumberOfReferrals in the header Processing of such replies will cause oob. Return -EINVAL error on such replies to prevent oob-s.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-30
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-30
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40099
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's CIFS implementation where a malicious SMB server can send malformed replies to the FSCTL_DFS_GET_REFERRALS request. Specifically, the reply can be smaller than expected or contain inconsistent referral counts, which causes out-of-bounds (oob) memory access during processing. The fix involves returning an error (-EINVAL) when such malformed replies are detected to prevent out-of-bounds access.

Impact Analysis

If exploited, this vulnerability could cause out-of-bounds memory access in the Linux kernel, potentially leading to system crashes, denial of service, or other unpredictable behavior when interacting with a malicious SMB server.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40099. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart