Out of Bounds Memory Read Vulnerability in Linux Kernel XFS by Vendor
CVE-2025-40246
What is CVE-2025-40246?
The Linux kernel has been found to contain a flaw within the XFS file system that allows for an out of bounds memory read error during symlink repair operations. This vulnerability arises when the size of the data fork (if_bytes) can be less than the actually allocated buffer size, leading to potential memory access violations. In particular, this issue can be triggered under specific conditions where symbolic links are involved, resulting in a risk of crashing or unintended behavior in system processes. Mitigation steps should be taken to ensure affected systems are updated with the latest kernel release to address this flaw.
Affected Version(s)
Linux 2651923d8d8db00a57665822f017fa7c76758044 < 7c2d68e091584149fe89bcbaf9b99b3162d46ee7
Linux 2651923d8d8db00a57665822f017fa7c76758044 < 81a8685cac4bf081c93a7df591644f4f80240bb9
Linux 2651923d8d8db00a57665822f017fa7c76758044 < 678e1cc2f482e0985a0613ab4a5bf89c497e5acc