{"id":"CVE-2025-40099","summary":"cifs: parse_dfs_referrals: prevent oob on malformed input","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: parse_dfs_referrals: prevent oob on malformed input\n\nMalicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS\n\n- reply smaller than sizeof(struct get_dfs_referral_rsp)\n- reply with number of referrals smaller than NumberOfReferrals in the\nheader\n\nProcessing of such replies will cause oob.\n\nReturn -EINVAL error on such replies to prevent oob-s.","modified":"2026-04-28T18:44:33.443430606Z","published":"2025-10-30T09:48:05.859Z","related":["SUSE-SU-2026:0962-1","SUSE-SU-2026:1041-1","SUSE-SU-2026:1078-1","SUSE-SU-2026:1081-1","SUSE-SU-2026:20667-1","SUSE-SU-2026:20720-1","SUSE-SU-2026:20838-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","SUSE-SU-2026:20931-1","SUSE-SU-2026:21284-1","openSUSE-SU-2025:15702-1","openSUSE-SU-2026:10301-1","openSUSE-SU-2026:20416-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40099.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/15c73964da9df994302f579ed14ee5fdbce7a332"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8bc4a8d39bac23d8b044fd3e2dbfd965f1d9b058"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bb0f2e66e1ac043a5b238f5bcab4f26f3c317039"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cfacc7441f760e4a73cc71b6ff1635261d534657"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40099.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40099"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4ecce920e13ace16a5ba45efe8909946c28fb2ad"},{"fixed":"cfacc7441f760e4a73cc71b6ff1635261d534657"},{"fixed":"15c73964da9df994302f579ed14ee5fdbce7a332"},{"fixed":"8bc4a8d39bac23d8b044fd3e2dbfd965f1d9b058"},{"fixed":"bb0f2e66e1ac043a5b238f5bcab4f26f3c317039"},{"fixed":"6447b0e355562a1ff748c4a2ffb89aae7e84d2c9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40099.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.11.0"},{"fixed":"6.1.158"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.114"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.55"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40099.json"}}],"schema_version":"1.7.5"}