Denial-of-Service Vulnerability in Linux Kernel exFAT File System
CVE-2025-40287


Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 6 December 2025

What is CVE-2025-40287?

A vulnerability in the Linux kernel's exFAT file system allows an attacker to use malformed directory entries to drive the kernel into an infinite loop, resulting in a Denial-of-Service condition. Specifically, system calls including SYS_openat, SYS_ftruncate, and SYS_pwrite64 can cause the kernel to hang when executed against such a file system image. The root cause is an improper validation check on the dentry.stream.valid_size field during file operations. A patch has been released that adds safeguards against negative dentry.stream.valid_size values to mitigate this risk.
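As an added illustration (not code from the page or from the kernel patch), the checker below parses a constructed exFAT stream extension directory entry, whose ValidDataLength field is what the exfat driver loads into dentry.stream.valid_size, and rejects a value that is negative when read as a signed 64-bit integer, the malformed input the advisory describes. The field offsets follow the public exFAT specification; the extra ValidDataLength <= DataLength rule is the specification's, not the patch's, and the sample entries are constructed here.

```python
import struct

# Field layout of the exFAT Stream Extension directory entry (32 bytes), taken
# from the public exFAT specification (all fields little-endian):
#   offset 0   EntryType (1 byte, 0xC0 for a stream extension)
#   offset 8   ValidDataLength (8 bytes)  -> exfat's dentry.stream.valid_size
#   offset 24  DataLength (8 bytes)       -> the allocated file size
STREAM_EXT_TYPE = 0xC0
ENTRY_SIZE = 32


def make_stream_ext(valid_size: int, data_size: int) -> bytes:
    """Construct a stream extension entry with the given raw 64-bit fields (test data only)."""
    entry = bytearray(ENTRY_SIZE)
    entry[0] = STREAM_EXT_TYPE
    struct.pack_into("<Q", entry, 8, valid_size & 0xFFFFFFFFFFFFFFFF)
    struct.pack_into("<Q", entry, 24, data_size & 0xFFFFFFFFFFFFFFFF)
    return bytes(entry)


def check_valid_size(entry: bytes) -> tuple[bool, str]:
    """Return (ok, reason) for the sanity checks a reader of this entry needs.

    The kernel keeps these lengths in signed 64-bit (loff_t) variables, so an
    on-disk value with the top bit set reads as negative; the fields are
    therefore unpacked with "<q" (signed) on purpose to mirror that view.
    """
    if len(entry) != ENTRY_SIZE:
        return False, "directory entries are exactly 32 bytes"
    if entry[0] != STREAM_EXT_TYPE:
        return False, "not a stream extension entry"
    valid_size = struct.unpack_from("<q", entry, 8)[0]
    data_size = struct.unpack_from("<q", entry, 24)[0]
    if data_size < 0:
        return False, "data length is negative when read as signed 64-bit"
    if valid_size < 0:
        return False, "valid_size is negative when read as signed 64-bit"
    if valid_size > data_size:
        return False, "valid_size exceeds data length"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples: one well-formed entry and one with a negative valid_size.
    print(check_valid_size(make_stream_ext(4096, 8192)))
    print(check_valid_size(make_stream_ext(-1, 8192)))
```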

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6c627bcc1896ba62ec793d0c00da74f3c93ce3ad

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 204b1b02ee018ba52ad2ece21fe3a8643d66a1b2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 82ebecdc74ff555daf70b811d854b1f32a296bea

Timeline

  • Vulnerability published

  • Vulnerability Reserved
