CVE-2025-40119
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2026-03-13

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4_mb_init() In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo slab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy() lacks null pointer checking, this leads to a null pointer dereference. ================================================================== EXT4-fs: no memory for groupinfo slab cache BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: Oops: 0002 [#1] SMP PTI CPU:2 UID: 0 PID: 87 Comm:mount Not tainted 6.17.0-rc2 #1134 PREEMPT(none) RIP: 0010:_raw_spin_lock_irqsave+0x1b/0x40 Call Trace: <TASK> xa_destroy+0x61/0x130 ext4_mb_init+0x483/0x540 __ext4_fill_super+0x116d/0x17b0 ext4_fill_super+0xd3/0x280 get_tree_bdev_flags+0x132/0x1d0 vfs_get_tree+0x29/0xd0 do_new_mount+0x197/0x300 __x64_sys_mount+0x116/0x150 do_syscall_64+0x50/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== Therefore, add necessary null check to ext4_mb_avg_fragment_size_destroy() to prevent this issue. The same fix is also applied to ext4_mb_largest_free_orders_destroy().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2026-03-13
Generated
2026-05-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40119
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a null pointer dereference in the Linux kernel's ext4 filesystem code. Specifically, in the ext4_mb_init() function, if the allocation of the groupinfo slab cache fails, a variable remains uninitialized. Subsequently, ext4_mb_avg_fragment_size_destroy() is called without checking for a null pointer, leading to a kernel crash due to dereferencing a null pointer.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash (kernel panic) when mounting ext4 filesystems under certain memory allocation failure conditions. This can lead to system instability, denial of service, and potential data loss or corruption if the system crashes unexpectedly.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version where the ext4_mb_init() function includes the necessary null pointer checks in ext4_mb_avg_fragment_size_destroy() and ext4_mb_largest_free_orders_destroy() to prevent null pointer dereference. Avoid using vulnerable kernel versions and monitor for kernel oops messages related to ext4 memory allocation failures.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart