216.73.216.242

CVE-2025-40287

· Published 06/12/2025 22:15 · Modified 08/12/2025 18:26

Labels: CVE-2025-40287 2025-12-06416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2025-40287

Essential information

Published
06/12/2025 22:15
Modified
08/12/2025 18:26
Author
Creator
CISA KEV
No
CWE

Description

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

References