CVE-2025-40167

NONE EPSS 6.8%
Published Nov 12, 20257mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Nov 12, 2025 7mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an inode with both the INLINE_DATA and EXTENTS flags set: EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15: comm syz.0.17: corrupted extent tree: lblk 0 < prev 66 Investigation revealed that the inode has both flags set: DEBUG: inode 15 - flag=1, i_inline_off=164, has_inline=1, extents_flag=1 This is an invalid combination since an inode should have either: - INLINE_DATA: data stored directly in the inode - EXTENTS: data stored in extent-mapped blocks Having both flags causes ext4_has_inline_data() to return true, skipping extent tree validation in __ext4_iget(). The unvalidated out-of-order extents then trigger a BUG_ON in ext4_es_cache_extent() due to integer underflow when calculating hole sizes. Fix this by detecting this invalid flag combination early in ext4_iget() and rejecting the corrupted inode.

Threat Intelligence

EPSS Exploit Probability
6.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/1437c95ab2a28b138d4521653583729f61ccb48b
  • git.kernel.org https://git.kernel.org/stable/c/1d3ad183943b38eec2acf72a0ae98e635dc8456b
  • git.kernel.org https://git.kernel.org/stable/c/1f5ccd22ff482639133f2a0fe08f6d19d0e68717
  • git.kernel.org https://git.kernel.org/stable/c/2e9e10657b04152ed0d6ecae8d0c02a3405e28f5
  • git.kernel.org https://git.kernel.org/stable/c/4954d297c91d292630ab43ba4d195dc371ce65d3
  • git.kernel.org https://git.kernel.org/stable/c/cb6039b68efa547b676a8a10fc4618d9d1865c23
  • git.kernel.org https://git.kernel.org/stable/c/de985264eef64be8a90595908f2e6a87946dad34
  • git.kernel.org https://git.kernel.org/stable/c/f061f7c331fc16250fc82aa68964f35821687217

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.