CVE-2025-40099

In the Linux kernel, the following vulnerability has been resolved:

cifs: parse_dfs_referrals: prevent oob on malformed input

Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS

– reply smaller than sizeof(struct get_dfs_referral_rsp)
– reply with number of referrals smaller than NumberOfReferrals in the
header

Processing of such replies will cause oob.

Return -EINVAL error on such replies to prevent oob-s.

More information : https://git.kernel.org/stable/c/15c73964da9df994302f579ed14ee5fdbce7a332