Out-of-Bounds Vulnerability in Linux Kernel Affecting SMB Protocol
CVE-2025-40099

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-40099?

A vulnerability exists in the Linux kernel's handling of SMB protocol communications, specifically in the CIFS module. An attacker can exploit this flaw by sending malformed responses from a malicious SMB server, which may lead to out-of-bounds access. This occurs when the server's reply is either smaller than the expected size of the designated response structure or contains a number of referrals that does not match the expected value, potentially leading to memory corruption. The kernel has implemented safeguards to return an -EINVAL error to mitigate these out-of-bounds issues.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch