CVE-2025-40241

NONE EPSS 5.1%
Published Dec 4, 20257mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 4, 2025 7mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: erofs: fix crafted invalid cases for encoded extents Robert recently reported two corrupted images that can cause system crashes, which are related to the new encoded extents introduced in Linux 6.15: - The first one [1] has plen != 0 (e.g. plen == 0x2000000) but (plen & Z_EROFS_EXTENT_PLEN_MASK) == 0. It is used to represent special extents such as sparse extents (!EROFS_MAP_MAPPED), but previously only plen == 0 was handled; - The second one [2] has pa 0xffffffffffdcffed and plen 0xb4000, then "cur [0xfffffffffffff000] += bvec.bv_len [0x1000]" in "} while ((cur += bvec.bv_len) < end);" wraps around, causing an out-of-bound access of pcl->compressed_bvecs[] in z_erofs_submit_queue(). EROFS only supports 48-bit physical block addresses (up to 1EiB for 4k blocks), so add a sanity check to enforce this.

Threat Intelligence

EPSS Exploit Probability
5.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 2

  • git.kernel.org https://git.kernel.org/stable/c/00d8fe0b72f4ca0a983abced36aad2160038c421
  • git.kernel.org https://git.kernel.org/stable/c/a429b76114aaca3ef1aff4cd469dcf025431bd11

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.