Buffer Overflow Vulnerability in Linux Kernel's USB 9pfs Transport Layer
CVE-2025-40004

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 October 2025

What is CVE-2025-40004?

A buffer overflow vulnerability has been identified in the USB 9pfs transport layer of the Linux kernel, arising from improper size validation during packet header parsing and actual data copying. An attacker can exploit this vulnerability by sending a maliciously crafted USB packet that declares a smaller size while containing a larger payload. This inconsistency leads to buffer overflow during data copying operations, posing significant risks to system stability and security. It is crucial for users to ensure that their installations are updated to patched versions to mitigate these risks.

Affected Version(s)

Linux a3be076dc174d9022a71a12554feb4c97b5c4d5c < 0da18d49f874d444ad83c8a546fa33bfcf2f582c

Linux a3be076dc174d9022a71a12554feb4c97b5c4d5c

References

https://git.kernel.org/stable/c/0da18d49f874d444ad83c8a54...

https://git.kernel.org/stable/c/df8462f0fc045b4475dc494a5...

https://git.kernel.org/stable/c/c04db81cd0288dfc68b7a0f7d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Apr 16, 2025

JSON