Kernel Vulnerability in Linux Affecting File System Operations
CVE-2025-40077

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-40077?

A vulnerability in the Linux kernel's f2fs file system has been identified, which could lead to potential overflow issues during left shift operations. This flaw arises from using the inappropriate type for the folio->index variable, which should be cast from pgoff_t to loff_t. Failure to implement this fix could result in erroneous behavior in file system operations, potentially allowing for exploitation if not addressed.

Affected Version(s)

Linux 3265d3db1f16395cfc6b8ea9b31b4001d98d05ef < 57d3381dfb97ff73ddd18601017fec21cca80985

Linux 3265d3db1f16395cfc6b8ea9b31b4001d98d05ef < 0fe1c6bec54ea68ed8c987b3890f2296364e77bb

Linux 5.8

References

https://git.kernel.org/stable/c/57d3381dfb97ff73ddd186010...

https://git.kernel.org/stable/c/0fe1c6bec54ea68ed8c987b38...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Apr 16, 2025

JSON