CVE-2025-40080

  • Published: 1761653742
  • Last modified: 1761653742

CVE-2025-40080 — In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutdown() method. Explicitely accept TCP and UNIX…

Related CVE by CWE

No closely related CVE found.

Risk snapshot

EPSS: n/a   |   KEV: not listed

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No vendor taxonomy on this entry.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

In the Linux kernel, the following vulnerability has been resolved:

nbd: restrict sockets to TCP and UDP

Recently, syzbot started to abuse NBD with all kinds of sockets.

Commit cf1b2326b734 (“nbd: verify socket is supported during setup”)
made sure the socket supported a shutdown() method.

Explicitely accept TCP and UNIX stream sockets.

🧠 Explainer: What this vulnerability means

Summary: This vulnerability affects the product by the vendor (CWE: unspecified).

Impact: It may allow privilege escalation, data exposure, or service interruption.

Mitigation: Upgrade immediately to the remediated release and follow vendor hardening guidance.

No vendor/product data yet.

No explicit mitigation/advisory links found in references.