Improper Validation in Linux Kernel NBD Affects TCP and UDP Sockets
CVE-2025-40080
Currently unrated
What is CVE-2025-40080?
A vulnerability in the Linux kernel's Network Block Device (NBD) component stems from improper validation of the socket type passed to it. syzbot abused NBD with socket types that were not initially restricted. A recent commit ensures that only TCP and UNIX stream sockets are accepted, alongside the check that the socket supports a shutdown() method. The change rejects other socket types during NBD setup and so tightens control over which sockets the driver will use.
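The restriction described above can also be enforced in userspace before a descriptor is handed to NBD. The following is an added example, not the kernel patch and not code from this page; the helper names `nbd_fd_is_allowed` and `check_new_socket` are hypothetical, and it assumes Linux's `SO_DOMAIN` and `SO_PROTOCOL` socket options.

```c
#define _GNU_SOURCE
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: true only for TCP or UNIX stream sockets. */
static bool nbd_fd_is_allowed(int fd)
{
    int type = 0, domain = 0, proto = 0;
    socklen_t len = sizeof(int);

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) < 0)
        return false;                 /* bad fd or not a socket at all */
    len = sizeof(int);
    if (getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &domain, &len) < 0)
        return false;
    len = sizeof(int);
    if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &proto, &len) < 0)
        return false;

    if (type != SOCK_STREAM)
        return false;                 /* datagram, raw, seqpacket, ... */
    if (domain == AF_UNIX)
        return true;
    /* SOCK_STREAM alone is not enough: SCTP and MPTCP also offer it. */
    return (domain == AF_INET || domain == AF_INET6) && proto == IPPROTO_TCP;
}

/* Create a socket, classify it, close it. Returns -1 if creation failed. */
static int check_new_socket(int domain, int type)
{
    int fd = socket(domain, type, 0);
    if (fd < 0)
        return -1;
    int ok = nbd_fd_is_allowed(fd);
    close(fd);
    return ok;
}

int main(void)
{
    printf("unix stream: %d\n", check_new_socket(AF_UNIX, SOCK_STREAM));
    printf("unix dgram:  %d\n", check_new_socket(AF_UNIX, SOCK_DGRAM));
    printf("inet stream: %d\n", check_new_socket(AF_INET, SOCK_STREAM));
    printf("inet dgram:  %d\n", check_new_socket(AF_INET, SOCK_DGRAM));
    return 0;
}
```

A userspace check of this kind is defence in depth for NBD client tooling; the kernel-side restriction is what closes the issue.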
Affected Version(s)
Linux cf1b2326b734896734c6e167e41766f9cee7686a
Linux cf1b2326b734896734c6e167e41766f9cee7686a < 4f9e6ff6319dbcebea64b50af0304cf0ad7e97e7
Linux cf1b2326b734896734c6e167e41766f9cee7686a < 37ad11f20e164c23ce827dd455b42c0fdd29685c