CVE Alert

CVE-2025-40307

UNKNOWN 0.0

exfat: validate cluster allocation bits of the allocation bitmap

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved:

exfat: validate cluster allocation bits of the allocation bitmap

syzbot created an exfat image with cluster bits not set for the allocation bitmap. exfat-fs reads and uses the allocation bitmap without checking this. The problem is that if the start cluster of the allocation bitmap is 6, cluster 6 can be allocated when creating a directory with mkdir. exfat zeros out this cluster in exfat_mkdir, which can delete existing entries. This can reallocate the allocated entries. In addition, the allocation bitmap is also zeroed out, so cluster 6 can be reallocated.

This patch adds exfat_test_bitmap_range to validate that clusters used for the allocation bitmap are correctly marked as in-use.
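The check the description outlines, as an added userspace illustration in C (not the kernel patch and not exfat-fs code). The names `range_in_use` and `bitmap_marks_itself` and the sample bitmaps are constructed here; the sketch assumes the bitmap occupies contiguous clusters and that bit 0 of byte 0 (least significant bit first) describes cluster 2.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIRST_CLUSTER 2u /* exFAT: bit 0 of the bitmap describes cluster 2 */

/* True only if every cluster in [start, start + count) is marked in-use. */
static bool range_in_use(const uint8_t *map, size_t map_bytes,
                         uint32_t start, uint32_t count)
{
    if (start < FIRST_CLUSTER || count == 0)
        return false;
    uint64_t first_bit = (uint64_t)start - FIRST_CLUSTER;
    if (first_bit + count > (uint64_t)map_bytes * 8)
        return false;               /* range runs past the bitmap */
    for (uint64_t bit = first_bit; bit < first_bit + count; bit++)
        if (!(map[bit / 8] & (1u << (bit % 8))))
            return false;           /* a cluster in the range looks free */
    return true;
}

/* Mount-time style check: the clusters holding the bitmap itself must be set.
 * Assumption: the bitmap sits in contiguous clusters starting at map_start. */
static bool bitmap_marks_itself(const uint8_t *map, size_t map_bytes,
                                uint32_t map_start, uint32_t cluster_size)
{
    if (cluster_size == 0)
        return false;
    uint32_t count = (uint32_t)((map_bytes + cluster_size - 1) / cluster_size);
    return range_in_use(map, map_bytes, map_start, count);
}

/* Constructed samples: bitmap starts at cluster 6 (bit 4), as in the description. */
static const uint8_t good_map[4] = { 0x1F, 0x00, 0x00, 0x00 }; /* clusters 2..6 set */
static const uint8_t bad_map[4]  = { 0x0F, 0x00, 0x00, 0x00 }; /* cluster 6 clear */

int main(void)
{
    printf("good image accepted: %d\n", bitmap_marks_itself(good_map, 4, 6, 512));
    printf("bad image accepted:  %d\n", bitmap_marks_itself(bad_map, 4, 6, 512));
    return 0;
}
```

An image like `bad_map` is the case the description covers: cluster 6 appears free, so a later allocation could hand out the bitmap's own cluster.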

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Dec 8, 2025
Last Updated May 11, 2026

Affected Versions

Linux / Linux
1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 6bc58b4c53795ab5fe00648344aa7d9d61175f90
1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 13c1d24803d5b0446b3f6f0fdd67e07ac1fdc7bf
1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 79c1587b6cda74deb0c86fc7ba194b92958c793c
Linux / Linux
5.7

References

git.kernel.org: https://git.kernel.org/stable/c/6bc58b4c53795ab5fe00648344aa7d9d61175f90
git.kernel.org: https://git.kernel.org/stable/c/13c1d24803d5b0446b3f6f0fdd67e07ac1fdc7bf
git.kernel.org: https://git.kernel.org/stable/c/79c1587b6cda74deb0c86fc7ba194b92958c793c