Potential System Crashes in Linux Kernel's EROFS Due to Encoded Extents Issue
CVE-2025-40241
Currently unrated
What is CVE-2025-40241?
A vulnerability in the Linux kernel's EROFS filesystem may allow crafted images containing invalid cases of the newly introduced encoded extents to crash the system. Specifically, corrupted images can cause out-of-bounds access because extent lengths and addresses are handled improperly. Users are advised to apply the latest updates to mitigate this risk.
Affected Version(s)
Linux 1d191b4ca51d73699cb127386b95ac152af2b930 < 00d8fe0b72f4ca0a983abced36aad2160038c421
Linux 1d191b4ca51d73699cb127386b95ac152af2b930
Linux 6.15