VDB

DEBIAN-CVE-2025-40099

DEBIAN-CVE-2025-40099 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of referrals smaller than NumberOfReferrals in the header Processing of such replies will cause oob. Return -EINVAL error on such replies to prevent oob-s.

Affected Products

VendorProductVersions
Debian:14linux6.12.63-1~bpo12+1, 6.12.69-1, 6.12.73-1
Debian:12linux6.1.66-1, 6.1.106-1, 0
Debian:11linux-6.16.1.153-1, *, *
Debian:13linux6.12.57-1~bpo12+1, 6.12.38-1, 0
Debian:11linux6.12.69-1, 6.12.69-1~bpo12+1, 6.12.73-1~bpo12+1

Timeline

  • Oct 30, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›