Memory Corruption Vulnerability in Linux Kernel Affects exFAT Filesystem
CVE-2025-40307

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
8 December 2025

What is CVE-2025-40307?

A memory corruption vulnerability exists in the exFAT implementation of the Linux kernel. When creating an exFAT image with improperly set cluster bits in the allocation bitmap, it allows potential exploitation where existing entries may be deleted and reclaimed incorrectly. The vulnerabilities stem from the lack of validation for the cluster allocation bitmap when directories are created, which can lead to inconsistencies within the filesystem. The recent patch introduces validation checks to ensure that the clusters designated for allocation are indeed marked as in-use, thereby mitigating these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 6bc58b4c53795ab5fe00648344aa7d9d61175f90

Linux 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 13c1d24803d5b0446b3f6f0fdd67e07ac1fdc7bf

Linux 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 79c1587b6cda74deb0c86fc7ba194b92958c793c

References

https://git.kernel.org/stable/c/6bc58b4c53795ab5fe0064834...
https://git.kernel.org/stable/c/13c1d24803d5b0446b3f6f0fd...
https://git.kernel.org/stable/c/79c1587b6cda74deb0c86fc7b...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.