CVE-2025-40084

{"id": "CVE-2025-40084", "cveTags": [], "metrics": {}, "published": "2025-10-29T14:15:55.007", "references": [{"url": "https://git.kernel.org/stable/c/2dc125f5da134c0915a840b62565c60a595673dd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/867ffd9d67285612da3f0498ca618297f8e41f01", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/898d527ed94c19980a4d848f10057f1fed578ffb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a02e432d5130da4c723aabe1205bac805889fdb2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: transport_ipc: validate payload size before reading handle\n\nhandle_response() dereferences the payload as a 4-byte handle without\nverifying that the declared payload size is at least 4 bytes. A malformed\nor truncated message from ksmbd.mountd can lead to a 4-byte read past the\ndeclared payload size. Validate the size before dereferencing.\n\nThis is a minimal fix to guard the initial handle read."}], "lastModified": "2025-10-30T15:03:13.440", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}