Memory Consumption Issue in Linux Kernel with ext4 Filesystem
CVE-2025-40179
What is CVE-2025-40179?
A vulnerability in the Linux kernel's ext4 filesystem allows an orphan file to be excessively large, leading to significant memory consumption. When orphan files are processed, the kernel traverses the whole file while pinning its buffers in memory, potentially exhausting system resources. The fix imposes a limit on the size of orphan files and uses kvmalloc() to allocate the block descriptor structures, which mitigates the risk associated with large-order memory allocations while maintaining performance for reasonably sized orphan files.
Affected Version(s)
Linux 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37 < 95a21611b14ae0a401720645245a8db16f040995
Linux 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37 < 566a1d6084563bd07433025aa23bcea4427de107
Linux 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37 < 304fc34ff6fc8261138fd81f119e024ac3a129e9