CVE-2025-40287

Linux Kernel - Denial of Service via Malformed exFAT Dentry Stream Size

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad

Patch

https://git.kernel.org/stable/c/204b1b02ee018ba52ad2ece21fe3a8643d66a1b2

Patch

https://git.kernel.org/stable/c/82ebecdc74ff555daf70b811d854b1f32a296bea

Scores

EPSS 0.0003

EPSS Percentile 9.5%

Details

Status published

Products (10)

linux/Kernel 6.13.0 - 6.17.9linux

linux/Kernel 6.8.0 - 6.12.59linux

Linux/Linux < 6.8

Linux/Linux 11a347fb6cef62ce47e84b97c45f2b2497c7593b - 204b1b02ee018ba52ad2ece21fe3a8643d66a1b2

Linux/Linux 11a347fb6cef62ce47e84b97c45f2b2497c7593b - 6c627bcc1896ba62ec793d0c00da74f3c93ce3ad

Linux/Linux 11a347fb6cef62ce47e84b97c45f2b2497c7593b - 82ebecdc74ff555daf70b811d854b1f32a296bea

Linux/Linux 6.12.59 - 6.12.*

Linux/Linux 6.17.9 - 6.17.*

Linux/Linux 6.18

Linux/Linux 6.8

Published Dec 06, 2025

Tracked Since Feb 18, 2026