CVE-2025-40167
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: detect invalid INLINE_DATA + EXTENTS flag combination

syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal.

The issue is that the filesystem has an inode with both the INLINE_DATA and EXTENTS flags set:

    EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15: comm syz.0.17: corrupted extent tree: lblk 0 < prev 66

Investigation revealed that the inode has both flags set:

    DEBUG: inode 15 - flag=1, i_inline_off=164, has_inline=1, extents_flag=1

This is an invalid combination since an inode should have either:
- INLINE_DATA: data stored directly in the inode
- EXTENTS: data stored in extent-mapped blocks

Having both flags causes ext4_has_inline_data() to return true, skipping extent tree validation in __ext4_iget(). The unvalidated out-of-order extents then trigger a BUG_ON in ext4_es_cache_extent() due to integer underflow when calculating hole sizes.

Fix this by detecting this invalid flag combination early in ext4_iget() and rejecting the corrupted inode.

Meta Information
Published: 2025-11-12
Last Modified: 2025-11-12
Generated: 2026-05-07
AI Q&A: 2025-11-13
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor    Product         Version / Range
linux     linux_kernel    *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's ext4 filesystem when an inode has an invalid combination of flags: both INLINE_DATA and EXTENTS are set. An inode should have either INLINE_DATA (data stored directly in the inode) or EXTENTS (data stored in extent-mapped blocks), but not both. With both flags set, ext4_has_inline_data() returns true, so extent tree validation is skipped in __ext4_iget(). The unvalidated, out-of-order extents then trigger a BUG_ON in ext4_es_cache_extent() because of an integer underflow when calculating hole sizes. The fix detects this invalid flag combination early in ext4_iget() and rejects the corrupted inode.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to encounter a BUG_ON error when accessing corrupted ext4 filesystems with the invalid flag combination. This can lead to system instability or crashes when opening certain files, potentially causing data loss or denial of service on affected systems.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for ext4 filesystem errors related to inodes having both INLINE_DATA and EXTENTS flags set, which is invalid. Specifically, look for kernel log messages similar to: 'EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15: comm syz.0.17: corrupted extent tree: lblk 0 < prev 66'. You can use the command 'dmesg | grep EXT4-fs' to find such errors. Additionally, inspecting inode flags on the ext4 filesystem for the invalid combination may require custom scripts or kernel debugging tools, as standard tools do not directly expose this condition.
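
One way to write the custom script mentioned above, as an added example (not BaseFortify's or the kernel project's code): a Python scanner that walks the inode tables of an unmounted ext4 image and reports in-use inodes whose i_flags carry both INLINE_DATA and EXTENTS. The function names are hypothetical; it assumes the image is read into memory as bytes, the filesystem does not use the meta_bg layout, and inodes with i_mode 0 are unused and skipped. The sample image is constructed for the example and is not mountable.

```python
import struct

EXT4_MAGIC = 0xEF53
EXT4_EXTENTS_FL = 0x00080000      # i_flags: data is extent-mapped
EXT4_INLINE_DATA_FL = 0x10000000  # i_flags: data stored inside the inode
INCOMPAT_64BIT = 0x80             # s_feature_incompat: wide group descriptors
BOTH = EXT4_EXTENTS_FL | EXT4_INLINE_DATA_FL

def find_conflicting_inodes(img):
    """Return in-use inode numbers whose i_flags set INLINE_DATA and EXTENTS together."""
    sb = img[1024:2048]  # the primary superblock always starts at byte 1024
    if len(sb) < 1024 or struct.unpack_from("<H", sb, 0x38)[0] != EXT4_MAGIC:
        raise ValueError("no ext2/3/4 superblock found")
    inodes_count, = struct.unpack_from("<I", sb, 0x00)
    first_data_block, log_block_size, inodes_per_group = struct.unpack_from("<II12xI", sb, 0x14)
    inode_size = struct.unpack_from("<H", sb, 0x58)[0] or 128
    wide = bool(struct.unpack_from("<I", sb, 0x60)[0] & INCOMPAT_64BIT)
    desc_size = struct.unpack_from("<H", sb, 0xFE)[0] if wide else 32
    if inodes_per_group == 0 or desc_size < 32:
        raise ValueError("implausible superblock geometry")
    block_size = 1024 << log_block_size
    gdt = (first_data_block + 1) * block_size  # assumption: no meta_bg layout
    hits = []
    for ino in range(1, inodes_count + 1):
        group, index = divmod(ino - 1, inodes_per_group)
        try:
            desc = gdt + group * desc_size
            table, = struct.unpack_from("<I", img, desc + 0x08)   # bg_inode_table_lo
            if desc_size >= 64:
                table |= struct.unpack_from("<I", img, desc + 0x28)[0] << 32
            off = table * block_size + index * inode_size
            mode, flags = struct.unpack_from("<H30xI", img, off)  # i_mode @0x00, i_flags @0x20
        except struct.error:
            continue  # descriptor or inode lies outside the image
        if mode and (flags & BOTH) == BOTH:
            hits.append(ino)
    return hits

def build_sample_image():
    """Constructed, non-mountable 8 KiB layout: 16 inodes, only inode 15 has both flags."""
    img = bytearray(8 * 1024)
    struct.pack_into("<I", img, 1024 + 0x00, 16)               # s_inodes_count
    struct.pack_into("<II12xI", img, 1024 + 0x14, 1, 0, 16)    # first block 1, 1 KiB blocks, 16 inodes/group
    struct.pack_into("<H", img, 1024 + 0x38, EXT4_MAGIC)
    struct.pack_into("<H", img, 1024 + 0x58, 256)              # s_inode_size
    struct.pack_into("<I", img, 2048 + 0x08, 3)                # inode table at block 3
    for ino, flags in ((12, EXT4_EXTENTS_FL), (13, EXT4_INLINE_DATA_FL), (15, BOTH)):
        struct.pack_into("<H30xI", img, 3072 + (ino - 1) * 256, 0o100644, flags)
    return bytes(img)
```

Stale data in uninitialized inode tables can produce false hits, so confirm any reported inode before acting on it.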


What immediate steps should I take to mitigate this vulnerability?

As an immediate mitigation, avoid mounting ext4 filesystems that might be corrupted without a journal, since the issue occurs on corrupted ext4 filesystems mounted without a journal. Updating the Linux kernel to a version that includes the fix is also recommended: the fix detects and rejects inodes with both INLINE_DATA and EXTENTS flags set early in ext4_iget(), which prevents the BUG_ON condition.

