CVE-2025-40333

Linux Kernel 3.8-6.6.116, 6.7-6.12.57, 6.13-6.17.7 - Denial of Service via F2FS Extent Tree Insertion Loop

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by return NULL and print some kernel messages in that case.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/765f8816d3959ef1f3f7f85e2af748594d091f40

Patch

https://git.kernel.org/stable/c/c0b9951bb2668d67eb4817bb23fc109abc08c075

Patch

https://git.kernel.org/stable/c/f4c31adcb2a0556f43776d4e51a67de88d7fb9ee

Patch

https://git.kernel.org/stable/c/23361bd54966b437e1ed3eb1a704572f4b279e58

Scores

EPSS 0.0004

EPSS Percentile 11.2%

Details

Status published

Products (13)

linux/Kernel 3.8.0 - 6.6.117linux

linux/Kernel 6.13.0 - 6.17.8linux

linux/Kernel 6.7.0 - 6.12.58linux

Linux/Linux < 3.8

Linux/Linux 3.8

Linux/Linux 6.12.58 - 6.12.*

Linux/Linux 6.17.8 - 6.17.*

Linux/Linux 6.18

Linux/Linux 6.6.117 - 6.6.*

Linux/Linux 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 - 23361bd54966b437e1ed3eb1a704572f4b279e58

... and 3 more

Published Dec 09, 2025

Tracked Since Feb 18, 2026