CVE-2025-40287

Published: Dec 6, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.

Vendor	Product	Versions
Linux	Linux	affected `11a347fb6cef62ce47e84b97c45f2b2497c7593b - < 6c627bcc1896ba62ec793d0c00da74f3c93ce3ad` affected `11a347fb6cef62ce47e84b97c45f2b2497c7593b - < 204b1b02ee018ba52ad2ece21fe3a8643d66a1b2` affected `11a347fb6cef62ce47e84b97c45f2b2497c7593b - < 82ebecdc74ff555daf70b811d854b1f32a296bea`
Linux	Linux	affected `6.8` unaffected `0 - < 6.8` unaffected `6.12.59 - <= 6.12.` unaffected `6.17.9 - <= 6.17.` unaffected `6.18 - <= *`

References

https://git.kernel.org/stable/c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad

https://git.kernel.org/stable/c/204b1b02ee018ba52ad2ece21fe3a8643d66a1b2

https://git.kernel.org/stable/c/82ebecdc74ff555daf70b811d854b1f32a296bea

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40287

Description

Affected Products

References