CVE-2025-40052: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-40052 is a vulnerability in the Linux kernel affecting the SMB client implementation. The issue was discovered and disclosed on October 28, 2025, and involves improper handling of crypto buffers in non-linear memory (NVD).

The vulnerability stems from the crypto API's expectation of input buffers to be in linear memory through the scatterlist API. While the cifs_sg_set_buf() helper converts vmalloc'd memory to corresponding pages, the allocation of aead_request buffer (@creq in smb2ops.c::crypt_message()) using kvzalloc() can place aead_request->__ctx in vmalloc area. This becomes problematic when tasks' stacks are vmalloc'd by default (CONFIG_VMAP_STACK=y), causing virt_addr_valid(buf) to fail when stack addresses increment beyond a certain point (NVD).

When triggered, this vulnerability causes a kernel BUG() in sg_set_buf(), leading to system crashes. The issue manifests particularly during parallel reads and writes on an encrypted mount, potentially affecting system stability and availability (NVD).

The fix involves modifying the allocation method for @creq to always use kmalloc() instead of kvzalloc(). Additionally, the @sensitive_size variable/arguments have been removed as kfree_sensitive() doesn't require them (NVD).