Transport IPC Vulnerability in Linux Kernel Affects Payload Handling
CVE-2025-40084

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 29 October 2025

What is CVE-2025-40084?

The Linux kernel's ksmbd component dereferences a payload handle without an adequate size check. Specifically, the handle_response() function may read a 4-byte handle from a payload without confirming that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can therefore cause an out-of-bounds read. A patch has been introduced that validates the payload length before the handle is dereferenced.
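The size check described above, shown as an added userspace sketch that is not the kernel's code or the actual patch. The struct layout and the names `ipc_msg_model`, `read_handle_unchecked`, `read_handle_checked` and `make_msg` are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of an IPC message (not the kernel's struct):
 * a sender-declared payload size followed by the payload bytes. */
struct ipc_msg_model {
    uint32_t sz;               /* payload length declared by the sender */
    unsigned char payload[];
};

/* Unchecked pattern: copies 4 bytes whatever sz says, so a payload
 * shorter than 4 bytes is read past its end. */
uint32_t read_handle_unchecked(const struct ipc_msg_model *msg)
{
    uint32_t handle;
    memcpy(&handle, msg->payload, sizeof(handle));
    return handle;
}

/* Checked pattern: reject the message unless the declared size covers
 * the whole handle. Returns 0 on success, -1 for a truncated payload. */
int read_handle_checked(const struct ipc_msg_model *msg, uint32_t *handle)
{
    if (msg->sz < sizeof(*handle))
        return -1;
    memcpy(handle, msg->payload, sizeof(*handle));
    return 0;
}

/* Build a constructed sample message; allocation is exactly header + sz. */
struct ipc_msg_model *make_msg(const void *data, uint32_t sz)
{
    struct ipc_msg_model *msg = malloc(sizeof(*msg) + sz);
    if (!msg) return NULL;
    msg->sz = sz;
    if (sz) memcpy(msg->payload, data, sz);
    return msg;
}

int main(void)
{
    uint32_t h;
    struct ipc_msg_model *m = make_msg("\x01\x02", 2); /* constructed, truncated */
    if (!m) return 1;
    printf("sz=2 -> %s\n", read_handle_checked(m, &h) ? "rejected" : "accepted");
    free(m);
    return 0;
}
```

The unchecked reader is included only for contrast and is never called on a short payload here.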

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2dc125f5da134c0915a840b62565c60a595673dd

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 898d527ed94c19980a4d848f10057f1fed578ffb

Timeline

  • Vulnerability published

  • Vulnerability Reserved
