CVE-2025-40287

Summary

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix improper check of dentry.stream.valid_size

We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang.

Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue.

This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux11a347fb6cef62ce47e84b97c45f2b2497c7593b < 6c627bcc1896ba62ec793d0c00da74f3c93ce3adaffected
LinuxLinux11a347fb6cef62ce47e84b97c45f2b2497c7593b < 204b1b02ee018ba52ad2ece21fe3a8643d66a1b2affected
LinuxLinux11a347fb6cef62ce47e84b97c45f2b2497c7593b < 82ebecdc74ff555daf70b811d854b1f32a296beaaffected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.12.59 <= 6.12.*unaffected
LinuxLinux6.17.9 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References