CVE-2025-40287

UNKNOWN 0.0

exfat: fix improper check of dentry.stream.valid_size

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Dec 6, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

11a347fb6cef62ce47e84b97c45f2b2497c7593b < 6c627bcc1896ba62ec793d0c00da74f3c93ce3ad 11a347fb6cef62ce47e84b97c45f2b2497c7593b < 204b1b02ee018ba52ad2ece21fe3a8643d66a1b2 11a347fb6cef62ce47e84b97c45f2b2497c7593b < 82ebecdc74ff555daf70b811d854b1f32a296bea

Linux / Linux

6.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad git.kernel.org: https://git.kernel.org/stable/c/204b1b02ee018ba52ad2ece21fe3a8643d66a1b2 git.kernel.org: https://git.kernel.org/stable/c/82ebecdc74ff555daf70b811d854b1f32a296bea