CVE-2025-40179
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan files can lead to big amounts of memory consumed. Limit orphan file size to a sane value and also use kvmalloc() for allocating array of block descriptor structures to avoid large order allocations for sane but large orphan files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-14
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40179
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the ext4 filesystem in the Linux kernel where orphan files can be arbitrarily large. During orphan replay, the system needs to traverse the entire orphan file and pins all its buffers in memory. If the orphan file is excessively large, it can consume a large amount of memory, potentially leading to resource exhaustion. The fix limits the orphan file size to a reasonable value and changes memory allocation methods to avoid large memory allocations for large but sane orphan files.

Impact Analysis

If exploited or triggered, this vulnerability can cause the system to consume excessive memory due to very large orphan files in the ext4 filesystem. This can lead to degraded system performance, potential denial of service, or instability as memory resources are exhausted or heavily strained.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for limiting orphan file size and uses kvmalloc() for memory allocation as described. This will prevent excessive memory consumption caused by large orphan files.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40179. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart