-

CVE-2025-40080

EPSS 0.04%
Veröffentlicht 28.10.2025 11:48:44
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

nbd: restrict sockets to TCP and UDP

In the Linux kernel, the following vulnerability has been resolved:

nbd: restrict sockets to TCP and UDP

Recently, syzbot started to abuse NBD with all kinds of sockets.

Commit cf1b2326b734 ("nbd: verify socket is supported during setup")
made sure the socket supported a shutdown() method.

Explicitely accept TCP and UNIX stream sockets.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version cf1b2326b734896734c6e167e41766f9cee7686a

Version < c365e8f20f4201d873a70385bd919f0fb531e960

Status affected

Version cf1b2326b734896734c6e167e41766f9cee7686a

Version < 4f9e6ff6319dbcebea64b50af0304cf0ad7e97e7

Status affected

Version cf1b2326b734896734c6e167e41766f9cee7686a

Version < 37ad11f20e164c23ce827dd455b42c0fdd29685c

Status affected

Version cf1b2326b734896734c6e167e41766f9cee7686a

Version < 808e2335bc1cf2293b9e36ccc94c267c81509c71

Status affected

Version cf1b2326b734896734c6e167e41766f9cee7686a

Version < 9f7c02e031570e8291a63162c6c046dc15ff85b0

Status affected

Version 4df728651b8a99693c69962d8e5a5b9e5a3bbcc7

Status affected

Version 083322455c67d278c56a66b73f1221f004ee600a

Status affected

Version 4fa1cbd587ef967812f9d9f6ce46ec1dead7502c

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.4

Status affected

Version 0

Version < 5.4

Status unaffected

Version <= 6.1.*

Version 6.1.156

Status unaffected

Version <= 6.6.*

Version 6.6.112

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.13

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/c365e8f20f4201d873a70385bd919f0fb531e960

https://git.kernel.org/stable/c/4f9e6ff6319dbcebea64b50af0304cf0ad7e97e7

https://git.kernel.org/stable/c/37ad11f20e164c23ce827dd455b42c0fdd29685c

https://git.kernel.org/stable/c/808e2335bc1cf2293b9e36ccc94c267c81509c71

https://git.kernel.org/stable/c/9f7c02e031570e8291a63162c6c046dc15ff85b0

https://nvd.nist.gov/vuln/detail/CVE-2025-40080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40080

EUVD