Linux Kernel F2FS Error Handling Vulnerability in Multiple Distributions
CVE-2025-40137
What is CVE-2025-40137?
A vulnerability exists in the Linux kernel's F2FS (Flash-Friendly File System) related to improper handling of page truncation during error scenarios, particularly in the 'f2fs_truncate()' function. This flaw can lead to data corruption and unexpected behavior in the filesystem. When the kernel fails to truncate all of an inode's page cache before destroying the inode after a failure, it can leave inodes in an inconsistent state, potentially causing system hangs or crashes. Users running affected versions are advised to monitor their systems for anomalies and apply updates to mitigate risks.
Affected Version(s)
Linux 92dffd01790a5219d234fc83c3ba854f4490b7f4 < 83a8e4efea022506a0e049e7206bdf8be9f78148
Linux 92dffd01790a5219d234fc83c3ba854f4490b7f4
Linux 92dffd01790a5219d234fc83c3ba854f4490b7f4 < 3b0c8908faa18cded84d64822882a830ab1f4d26