Vulnerability in Linux Kernel Affecting EXT4 Filesystem
CVE-2025-40167

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
12 November 2025

What is CVE-2025-40167?

A vulnerability exists in the Linux kernel's ext4 filesystem where an inode improperly holds both INLINE_DATA and EXTENTS flags. This invalid combination prevents the system from correctly validating extent trees during inode retrieval. Subsequently, it leads to a situation where out-of-order extents can trigger a BUG_ON error due to integer underflow when determining hole sizes. The fix involves early detection of this flag conflict in the ext4_iget() function, rejecting the corrupted inode to maintain filesystem integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux f19d5870cbf72d4cb2a8e1f749dff97af99b071e < 4954d297c91d292630ab43ba4d195dc371ce65d3

Linux f19d5870cbf72d4cb2a8e1f749dff97af99b071e

Linux f19d5870cbf72d4cb2a8e1f749dff97af99b071e < 2e9e10657b04152ed0d6ecae8d0c02a3405e28f5

References

https://git.kernel.org/stable/c/4954d297c91d292630ab43ba4...
https://git.kernel.org/stable/c/f061f7c331fc16250fc82aa68...
https://git.kernel.org/stable/c/2e9e10657b04152ed0d6ecae8...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.