Transport IPC Vulnerability in Linux Kernel Affects Payload Handling
CVE-2025-40084

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
29 October 2025

What is CVE-2025-40084?

The Linux kernel's ksmbd component has been identified with a vulnerability that allows for unsafe dereferencing of payload handles without adequate size checks. Specifically, the handle_response() function may read a 4-byte handle from a payload without confirming that the declared size is at least 4 bytes. This oversight can lead to potential exploitation through malformed or truncated messages from ksmbd.mountd, resulting in out-of-bounds reads. A critical patch has been introduced to validate the payload length before such dereferencing occurs, addressing this security gap effectively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 2dc125f5da134c0915a840b62565c60a595673dd

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 898d527ed94c19980a4d848f10057f1fed578ffb

References

https://git.kernel.org/stable/c/a02e432d5130da4c723aabe12...
https://git.kernel.org/stable/c/2dc125f5da134c0915a840b62...
https://git.kernel.org/stable/c/898d527ed94c19980a4d848f1...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.