AZL-69024

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69024.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-69024

Upstream

CVE-2025-40084

Published

2025-10-29T14:15:55Z

Modified

2026-04-01T05:21:31.736704Z

Summary

CVE-2025-40084 affecting package kernel for versions less than 6.6.117.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: transport_ipc: validate payload size before reading handle

handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing.

This is a minimal fix to guard the initial handle read.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40084

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.117.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69024.json"