Buffer over-read vulnerability in Linux Kernel affecting ext4 file system
CVE-2025-40198

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
12 November 2025

What is CVE-2025-40198?

A vulnerability has been identified in the Linux kernel's ext4 file system where a potential buffer over-read can occur in the function parse_apply_sb_mount_options(). This issue arises due to the reliance on tune2fs for proper NUL termination of the s_mount_opts string within the ext4 superblock. The function is now hardened to mitigate risks associated with treating s_mount_opts as a potential __nonstring, enhancing the overall security of the file system.

Affected Version(s)

Linux 8b67f04ab9de5d8f3a71aef72bf02c995a506db5 < 7bf46ff83a0ef11836e38ebd72cdc5107209342d

Linux 8b67f04ab9de5d8f3a71aef72bf02c995a506db5

Linux 8b67f04ab9de5d8f3a71aef72bf02c995a506db5

References

https://git.kernel.org/stable/c/7bf46ff83a0ef11836e38ebd7...
https://git.kernel.org/stable/c/b2bac84fde28fb6a88817b8b7...
https://git.kernel.org/stable/c/e651294218d2684302ee5ed95...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-40198 : Buffer over-read vulnerability in Linux Kernel affecting ext4 file system