Null Pointer Dereference Vulnerability in Linux Kernel's f2fs File System
CVE-2025-40138

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 12 November 2025

What is CVE-2025-40138?

A vulnerability exists in the f2fs (Flash-Friendly File System) component of the Linux kernel that leads to a null pointer dereference due to improper validation of pointers before comparison operations. Specifically, an inconsistency in the quota checks, triggered during remounting with user quota options, could result in unexpected crashes and potentially compromise system stability. To mitigate this, it is essential to ensure that all pointers are validated before any operations are performed. System administrators are advised to apply the latest kernel updates to address this issue.

Affected Version(s)

Linux d185351325237da688de006a2c579e82ea97bdfe < 3f3458852bbfe79c60f2412b8b04677b96688b6e

Linux d185351325237da688de006a2c579e82ea97bdfe < 930a9a6ee8e7ffa20af4bffbfc2bbd21d83bf81c

Linux 6.17

Timeline

  • Vulnerability published

  • Vulnerability Reserved
