Linux Kernel Vulnerability in VFAT Filesystem on QEMU by The Linux Foundation
CVE-2025-40265

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-40265?

A vulnerability in the Linux kernel's VFAT filesystem can cause a kernel panic when emulating an NVMe device on QEMU. This occurs if both logical_block_size and physical_block_size are configured to 8 KiB without proper formatting, leading to failure during the early boot stage while attempting to mount the filesystem. This issue has been addressed by ensuring the return value checks for sb_min_blocksize() are properly implemented, mitigating conditions that trigger the kernel panic.

Affected Version(s)

Linux a64e5a596067bddba87fcc2ce37e56c3fca831b7

Linux a64e5a596067bddba87fcc2ce37e56c3fca831b7 < 63b5aa01da0f38cdbd97d021477258e511631497

Linux 6.15

References

https://git.kernel.org/stable/c/ee767b99b0045be286cceb826...

https://git.kernel.org/stable/c/63b5aa01da0f38cdbd97d0214...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON