AZL-69992

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69992.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-69992

Upstream

CVE-2025-40167

Published

2025-11-12T11:15:47Z

Modified

2026-04-21T04:36:17.533819Z

Summary

CVE-2025-40167 affecting package kernel for versions less than 6.6.117.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: detect invalid INLINE_DATA + EXTENTS flag combination

syzbot reported a BUGON in ext4escacheextent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal.

The issue is that the filesystem has an inode with both the INLINE_DATA and EXTENTS flags set:

EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15:
comm syz.0.17: corrupted extent tree: lblk 0 < prev 66

Investigation revealed that the inode has both flags set: DEBUG: inode 15 - flag=1, iinlineoff=164, hasinline=1, extentsflag=1

This is an invalid combination since an inode should have either: - INLINE_DATA: data stored directly in the inode - EXTENTS: data stored in extent-mapped blocks

Having both flags causes ext4hasinline_data() to return true, skipping extent tree validation in _ext4iget(). The unvalidated out-of-order extents then trigger a BUGON in ext4escacheextent() due to integer underflow when calculating hole sizes.

Fix this by detecting this invalid flag combination early in ext4_iget() and rejecting the corrupted inode.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40167

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.117.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69992.json"