Reference Leak Vulnerability in Linux Kernel's Netfs Component
CVE-2025-40007

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 October 2025

What is CVE-2025-40007?

A vulnerability has been identified in the Linux kernel's netfs component due to improper handling of reference counters in I/O operations. When a request is released before the I/O operation is completed, it results in a reference leak, which can block server tasks and eventually cause server cluster outages. The issue arises from modifications aimed at optimizing the request handling, leading to scenarios where requests remain uncompleted, thus leaving memory resources tied up unnecessarily. A patch has been implemented to address this flaw, introducing a new function to clean up failed requests and ensure proper management of reference counts for robust and reliable operations.

Affected Version(s)

Linux 20d72b00ca814d748f5663484e5c53bb2bf37a3a < 8df142e93098b4531fadb5dfcf93087649f570b3

Linux 20d72b00ca814d748f5663484e5c53bb2bf37a3a < 4d428dca252c858bfac691c31fa95d26cd008706

Linux 1a8360c2eed3b292ed654c2ac61b09de4a80e298

References

https://git.kernel.org/stable/c/8df142e93098b4531fadb5dfc...

https://git.kernel.org/stable/c/4d428dca252c858bfac691c31...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Apr 16, 2025

JSON