CVE-2025-40099

medium

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of referrals smaller than NumberOfReferrals in the header Processing of such replies will cause oob. Return -EINVAL error on such replies to prevent oob-s.

References

https://git.kernel.org/stable/c/cfacc7441f760e4a73cc71b6ff1635261d534657

https://git.kernel.org/stable/c/bb0f2e66e1ac043a5b238f5bcab4f26f3c317039

https://git.kernel.org/stable/c/8bc4a8d39bac23d8b044fd3e2dbfd965f1d9b058

https://git.kernel.org/stable/c/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9

https://git.kernel.org/stable/c/15c73964da9df994302f579ed14ee5fdbce7a332

Details

Source: Mitre, NVD

Published: 2025-10-30

Updated: 2025-10-30

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018