CVE-2025-40004: Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

15 documents, 6 sources

Severity: N/A (no vector)
EPSS: 0.0% (top 92.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 20; latest update Feb 24

Description

In the Linux kernel, the following vulnerability has been resolved:

net/9p: Fix buffer overflow in USB transport layer

A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow heap buffers.

The issue occurs because:
- usb9pfs_rx_header() validates only the declared size in packet header
- usb9pfs_rx_complete() uses req->actual (actual received bytes) f

Affected Packages (5 packages)

Linux | linux/linux_kernel | 6.12.0 | 6.12.53 | +1
Debian | linux/linux_kernel | < 6.12.57-1 | +1
Ubuntu | linux/linux_kernel | < 6.17.0-14.14
CVEListV5 | linux/linux | a3be076dc174d9022a71a12554feb4c97b5c4d5c | 0da18d49f874d444ad83c8a546fa33bfcf2f582c | +3
debian | debian/linux | < linux 6.17.6-1 (forky)

🔴 Vulnerability Details (8)

OSV: linux-azure vulnerabilities (2026-02-24)
OSV: linux-oem-6.17 vulnerabilities (2026-02-17)
OSV: linux-aws, linux-oracle vulnerabilities (2026-02-17)
OSV: linux-gcp vulnerabilities (2026-02-12)
OSV: linux, linux-raspi, linux-realtime vulnerabilities (2026-02-12)

📋 Vendor Advisories (6)

Ubuntu: Linux kernel (Azure) vulnerabilities (2026-02-24)
Ubuntu: Linux kernel (OEM) vulnerabilities (2026-02-17)
Ubuntu: Linux kernel (GCP) vulnerabilities (2026-02-12)
Ubuntu: Linux kernel vulnerabilities (2026-02-12)
Red Hat: kernel: net/9p: Fix buffer overflow in USB transport layer (2025-10-20)