CVE-2025-40099

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cifs: parse_dfs_referrals: prevent oob on malformed input<br /> <br /> Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS<br /> <br /> - reply smaller than sizeof(struct get_dfs_referral_rsp)<br /> - reply with number of referrals smaller than NumberOfReferrals in the<br /> header<br /> <br /> Processing of such replies will cause oob.<br /> <br /> Return -EINVAL error on such replies to prevent oob-s.