Infinite Loop Vulnerability in Linux Kernel F2FS Component
CVE-2025-40333

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-40333?

A vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) can lead to an infinite loop during the insertion of extent nodes in an rb tree when incorrect extent info data is encountered. This situation arises specifically when the CONFIG_F2FS_CHECK_FS option is disabled (set to 'n'). Developers have addressed the issue by implementing a check that returns NULL and logs relevant kernel messages, preventing the system from entering an endless loop state.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 765f8816d3959ef1f3f7f85e2af748594d091f40

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/765f8816d3959ef1f3f7f85e2...

https://git.kernel.org/stable/c/c0b9951bb2668d67eb4817bb2...

https://git.kernel.org/stable/c/f4c31adcb2a0556f43776d4e5...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON