Symbolic Link Handling Vulnerability in Btrfs Product from Linux Vendor
CVE-2025-40128

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 12 November 2025

What is CVE-2025-40128?

A vulnerability exists in the Btrfs file system within the Linux kernel, affecting the handling of symbolic links when the block size exceeds the page size. In that configuration, creating a symbolic link may crash the kernel, leading to system instability. The issue arises from improper handling of the inode mapping order, which causes the system to fail during link resolution. A fix has been implemented to ensure that the inode mapping order is set correctly, preventing this crash in affected environments.

Affected Version(s)

Linux cc38d178ff33543cdb0bd58cfbb9a7c41372ff75 < 3ea252a5c48dd3a4e1f7d0c53d3b0f7b648becc9

Linux cc38d178ff33543cdb0bd58cfbb9a7c41372ff75 < 67378b754608a3524d125bfa5744508a49fe48be

Linux 6.17

Timeline

  • Vulnerability published

  • Vulnerability Reserved
