CVE-2025-40080

Linux Kernel 5.4.0-6.17.2 - DoS via NBD Socket Abuse

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutdown() method. Explicitely accept TCP and UNIX stream sockets.

Scores

EPSS 0.0019
EPSS Percentile 8.6%

Details

Status published
Products (22)
linux/Kernel 5.4.0 - 6.1.156linux
linux/Kernel 6.13.0 - 6.17.3linux
linux/Kernel 6.2.0 - 6.6.112linux
linux/Kernel 6.7.0 - 6.12.53linux
Linux/Linux < 5.4
Linux/Linux 083322455c67d278c56a66b73f1221f004ee600a
Linux/Linux 4.14.152 - 4.15
Linux/Linux 4.19.82 - 4.20
Linux/Linux 4df728651b8a99693c69962d8e5a5b9e5a3bbcc7
Linux/Linux 4fa1cbd587ef967812f9d9f6ce46ec1dead7502c
... and 12 more
Published Oct 28, 2025
Tracked Since Feb 18, 2026