CVE-2025-40099

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the handling of Distributed File System (DFS) referrals within the SMB protocol. A malicious SMB server can send crafted responses to FSCTL DFS GET REFERRALS requests, specifically replies that are either smaller than the expected size or contain inconsistent referral counts. Processing these malformed replies can lead to an out-of-bounds read condition. The issue is triggered when processing replies to the FSCTL DFS GET REFERRALS request. The vulnerability is related to the parse dfs referrals function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125

Related Identifiers

AZL-69436

BDU:2026-01371

CVE-2025-40099

DLA-4379-1

DSA-6053-1

ECHO-13EF-E680-ABBF

MGASA-2025-0309

MGASA-2025-0310

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

OPENSUSE-SU-2025:15702-1

OPENSUSE-SU-2026:10301-1

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1041-1

SUSE-SU-2026:1078-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-40099

Weakness Enumeration

Related Identifiers

Affected Products

References · 3439