CVE-2025-40099

{"id": "CVE-2025-40099", "cveTags": [], "metrics": {}, "published": "2025-10-30T10:15:34.337", "references": [{"url": "https://git.kernel.org/stable/c/15c73964da9df994302f579ed14ee5fdbce7a332", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8bc4a8d39bac23d8b044fd3e2dbfd965f1d9b058", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bb0f2e66e1ac043a5b238f5bcab4f26f3c317039", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cfacc7441f760e4a73cc71b6ff1635261d534657", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: parse_dfs_referrals: prevent oob on malformed input\n\nMalicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS\n\n- reply smaller than sizeof(struct get_dfs_referral_rsp)\n- reply with number of referrals smaller than NumberOfReferrals in the\nheader\n\nProcessing of such replies will cause oob.\n\nReturn -EINVAL error on such replies to prevent oob-s."}], "lastModified": "2025-10-30T15:03:13.440", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}