CVE-2025-40287
- Source
- https://cve.org/CVERecord?id=CVE-2025-40287
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40287.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-40287
- Downstream
- Published
- 2025-12-06T21:51:13.328Z
- Modified
- 2026-01-26T20:00:13.327912Z
- Summary
- exfat: fix improper check of dentry.stream.valid_size
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix improper check of dentry.stream.valid_size
We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYSopenat, SYSftruncate, and SYS_pwrite64 — can cause the kernel to hang.
Root cause analysis shows that the size validation code in exfatfind() does not check whether dentry.stream.validsize is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue.
This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40287.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/204b1b02ee018ba52ad2ece21fe3a8643d66a1b2
- https://git.kernel.org/stable/c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad
- https://git.kernel.org/stable/c/82ebecdc74ff555daf70b811d854b1f32a296bea
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40287.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40287
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced11a347fb6cef62ce47e84b97c45f2b2497c7593bFixed6c627bcc1896ba62ec793d0c00da74f3c93ce3adFixed204b1b02ee018ba52ad2ece21fe3a8643d66a1b2Fixed82ebecdc74ff555daf70b811d854b1f32a296bea
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.53
v6.12.54
v6.12.55
v6.12.56
v6.12.57
v6.12.58
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
v6.17.4
v6.17.5
v6.17.6
v6.17.7
v6.17.8
v6.18-rc1
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7