[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-40004":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":33,"related":34,"reserved_at":9,"published_at":37,"modified_at":38,"state":39,"summary":40,"references_raw":44,"kevs":59,"epss":60,"epss_history":63,"metrics":330,"affected":331},"CVE-2025-40004","In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix buffer overflow in USB transport layer\n\nA buffer overflow vulnerability exists in the USB 9pfs transport layer\nwhere inconsistent size validation between packet header parsing and\nactual data copying allows a malicious USB host to overflow heap buffers.\n\nThe issue occurs because:\n- usb9pfs_rx_header() validates only the declared size in packet header\n- usb9pfs_rx_complete() uses req->actual (actual received bytes) for\nmemcpy\n\nThis allows an attacker to craft packets with small declared size\n(bypassing validation) but large actual payload (triggering overflow\nin memcpy).\n\nAdd validation in usb9pfs_rx_complete() to ensure req->actual does not\nexceed the buffer capacity before copying data.",null,[],[],[],[],[15,17,19,21,23,25,27,29,31],{"_key":16},"OPENSUSE-SU-2026:10301-1",{"_key":18},"OPENSUSE-SU-2025:15671-1",{"_key":20},"USN-8029-1",{"_key":22},"USN-8029-2",{"_key":24},"USN-8029-3",{"_key":26},"USN-8030-1",{"_key":28},"DEBIAN-CVE-2025-40004",{"_key":30},"UBUNTU-CVE-2025-40004",{"_key":32},"USN-8048-1",[],[35,36],{"_key":16},{"_key":18},"2025-10-20T05:26:08.787Z","2026-05-11T21:40:36.949Z","Deferred",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":42,"epss_score":43,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":39},false,"low",0.00028,[45,51,55],{"url":46,"sources":47,"tags":50},"https://git.kernel.org/stable/c/0da18d49f874d444ad83c8a546fa33bfcf2f582c",[48,49],"cve.org","nvd",[],{"url":52,"sources":53,"tags":54},"https://git.kernel.org/stable/c/df8462f0fc045b4475dc494a5787a03c972ba2a2",[48,49],[],{"url":56,"sources":57,"tags":58},"https://git.kernel.org/stable/c/c04db81cd0288dfc68b7a0f7d09bd49b40bba451",[48,49],[],[],{"date":61,"score":43,"percentile":62},"2026-06-04",0.08394,[64,68,70,73,76,79,82,85,88,91,94,97,100,103,105,108,111,114,118,121,124,127,130,133,135,138,141,144,147,150,153,156,159,162,164,167,170,173,176,179,182,185,188,191,194,197,200,203,206,209,212,215,218,221,225,228,231,234,237,240,242,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,295,298,301,304,307,310,313,316,318,321,324,327],{"date":65,"score":66,"percentile":67},"2025-11-04",0.00025,0.05494,{"date":69,"score":66,"percentile":67},"2025-11-05",{"date":71,"score":66,"percentile":72},"2025-11-06",0.05613,{"date":74,"score":66,"percentile":75},"2025-11-07",0.05624,{"date":77,"score":66,"percentile":78},"2025-11-08",0.05615,{"date":80,"score":66,"percentile":81},"2025-11-09",0.05609,{"date":83,"score":66,"percentile":84},"2025-11-10",0.05587,{"date":86,"score":66,"percentile":87},"2025-11-11",0.05618,{"date":89,"score":66,"percentile":90},"2025-11-12",0.05664,{"date":92,"score":66,"percentile":93},"2025-11-13",0.05693,{"date":95,"score":66,"percentile":96},"2025-11-14",0.05729,{"date":98,"score":66,"percentile":99},"2025-11-15",0.05754,{"date":101,"score":66,"percentile":102},"2025-11-16",0.05761,{"date":104,"score":66,"percentile":99},"2025-11-17",{"date":106,"score":66,"percentile":107},"2025-11-18",0.03393,{"date":109,"score":66,"percentile":110},"2025-11-19",0.03444,{"date":112,"score":66,"percentile":113},"2025-11-20",0.03505,{"date":115,"score":116,"percentile":117},"2025-11-21",0.00027,0.06697,{"date":119,"score":116,"percentile":120},"2025-11-22",0.06675,{"date":122,"score":116,"percentile":123},"2025-11-23",0.0666,{"date":125,"score":116,"percentile":126},"2025-11-24",0.06638,{"date":128,"score":116,"percentile":129},"2025-11-25",0.06639,{"date":131,"score":116,"percentile":132},"2025-11-26",0.06649,{"date":134,"score":116,"percentile":132},"2025-11-27",{"date":136,"score":116,"percentile":137},"2025-11-28",0.06636,{"date":139,"score":116,"percentile":140},"2025-11-29",0.06677,{"date":142,"score":116,"percentile":143},"2025-11-30",0.06676,{"date":145,"score":116,"percentile":146},"2025-12-01",0.06722,{"date":148,"score":116,"percentile":149},"2025-12-02",0.06733,{"date":151,"score":116,"percentile":152},"2025-12-03",0.0675,{"date":154,"score":116,"percentile":155},"2025-12-04",0.06728,{"date":157,"score":116,"percentile":158},"2025-12-05",0.06779,{"date":160,"score":116,"percentile":161},"2025-12-06",0.0679,{"date":163,"score":116,"percentile":161},"2025-12-07",{"date":165,"score":116,"percentile":166},"2025-12-08",0.06797,{"date":168,"score":116,"percentile":169},"2025-12-09",0.0685,{"date":171,"score":116,"percentile":172},"2025-12-10",0.06921,{"date":174,"score":116,"percentile":175},"2025-12-11",0.0693,{"date":177,"score":116,"percentile":178},"2025-12-12",0.06937,{"date":180,"score":116,"percentile":181},"2025-12-13",0.06961,{"date":183,"score":116,"percentile":184},"2025-12-14",0.06945,{"date":186,"score":116,"percentile":187},"2025-12-15",0.06908,{"date":189,"score":116,"percentile":190},"2025-12-16",0.0694,{"date":192,"score":116,"percentile":193},"2025-12-17",0.0703,{"date":195,"score":116,"percentile":196},"2025-12-18",0.07093,{"date":198,"score":116,"percentile":199},"2025-12-19",0.07089,{"date":201,"score":116,"percentile":202},"2025-12-20",0.07082,{"date":204,"score":116,"percentile":205},"2025-12-21",0.07068,{"date":207,"score":116,"percentile":208},"2025-12-22",0.07025,{"date":210,"score":116,"percentile":211},"2025-12-23",0.07013,{"date":213,"score":116,"percentile":214},"2025-12-24",0.07036,{"date":216,"score":116,"percentile":217},"2025-12-25",0.07103,{"date":219,"score":116,"percentile":220},"2025-12-26",0.07109,{"date":222,"score":223,"percentile":224},"2025-12-27",0.00029,0.0755,{"date":226,"score":223,"percentile":227},"2025-12-28",0.07565,{"date":229,"score":223,"percentile":230},"2025-12-29",0.07547,{"date":232,"score":223,"percentile":233},"2025-12-30",0.07519,{"date":235,"score":223,"percentile":236},"2025-12-31",0.0756,{"date":238,"score":223,"percentile":239},"2026-01-01",0.0763,{"date":241,"score":223,"percentile":239},"2026-01-02",{"date":243,"score":223,"percentile":239},"2026-01-03",{"date":245,"score":223,"percentile":246},"2026-01-04",0.07558,{"date":248,"score":223,"percentile":249},"2026-01-05",0.07512,{"date":251,"score":223,"percentile":252},"2026-01-06",0.07502,{"date":254,"score":223,"percentile":255},"2026-01-07",0.07527,{"date":257,"score":223,"percentile":258},"2026-01-08",0.07591,{"date":260,"score":223,"percentile":261},"2026-01-09",0.07608,{"date":263,"score":223,"percentile":264},"2026-01-10",0.07636,{"date":266,"score":223,"percentile":267},"2026-01-11",0.07622,{"date":269,"score":223,"percentile":270},"2026-01-12",0.07598,{"date":272,"score":223,"percentile":273},"2026-01-13",0.07577,{"date":275,"score":223,"percentile":276},"2026-01-14",0.0761,{"date":278,"score":223,"percentile":279},"2026-01-15",0.07612,{"date":281,"score":223,"percentile":282},"2026-01-16",0.07633,{"date":284,"score":223,"percentile":285},"2026-01-17",0.0764,{"date":287,"score":223,"percentile":288},"2026-01-18",0.07616,{"date":290,"score":223,"percentile":291},"2026-01-19",0.07587,{"date":293,"score":223,"percentile":294},"2026-01-20",0.07549,{"date":296,"score":223,"percentile":297},"2026-01-21",0.07539,{"date":299,"score":223,"percentile":300},"2026-01-22",0.07515,{"date":302,"score":223,"percentile":303},"2026-01-23",0.07584,{"date":305,"score":223,"percentile":306},"2026-01-24",0.07634,{"date":308,"score":223,"percentile":309},"2026-01-25",0.07618,{"date":311,"score":223,"percentile":312},"2026-01-26",0.07586,{"date":314,"score":223,"percentile":315},"2026-01-27",0.07576,{"date":317,"score":223,"percentile":246},"2026-01-28",{"date":319,"score":223,"percentile":320},"2026-01-29",0.0754,{"date":322,"score":223,"percentile":323},"2026-01-30",0.07552,{"date":325,"score":223,"percentile":326},"2026-01-31",0.07572,{"date":328,"score":223,"percentile":329},"2026-02-01",0.07599,[],[332],{"ecosystem":9,"name":333,"vendor":334,"product":334,"cpe_part":335,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":336},"Linux","linux","a",[337,344,347,350],{"version":338,"is_range":339,"range_type":48,"version_start":340,"version_start_type":341,"version_end":342,"version_end_type":343,"fixed_in":9},">= a3be076dc174d9022a71a12554feb4c97b5c4d5c, \u003C 0da18d49f874d444ad83c8a546fa33bfcf2f582c",true,"a3be076dc174d9022a71a12554feb4c97b5c4d5c","including","0da18d49f874d444ad83c8a546fa33bfcf2f582c","excluding",{"version":345,"is_range":339,"range_type":48,"version_start":340,"version_start_type":341,"version_end":346,"version_end_type":343,"fixed_in":9},">= a3be076dc174d9022a71a12554feb4c97b5c4d5c, \u003C df8462f0fc045b4475dc494a5787a03c972ba2a2","df8462f0fc045b4475dc494a5787a03c972ba2a2",{"version":348,"is_range":339,"range_type":48,"version_start":340,"version_start_type":341,"version_end":349,"version_end_type":343,"fixed_in":9},">= a3be076dc174d9022a71a12554feb4c97b5c4d5c, \u003C c04db81cd0288dfc68b7a0f7d09bd49b40bba451","c04db81cd0288dfc68b7a0f7d09bd49b40bba451",{"version":351,"is_range":41,"range_type":48,"version_start":351,"version_start_type":341,"version_end":351,"version_end_type":341,"fixed_in":9},"6.12"]