CVE-2025-40233
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This triggers a BUG_ON in ocfs2_refcount_cal_cow_clusters(). The problem occurs when: 1. copy_file_range() creates a reflinked extent with OCFS2_EXT_REFCOUNTED 2. ioctl(FITRIM) triggers ocfs2_move_extents() 3. __ocfs2_move_extents_range() reads and caches the extent (flags=0x2) 4. ocfs2_move_extent()/ocfs2_defrag_extent() calls __ocfs2_move_extent() which clears OCFS2_EXT_REFCOUNTED flag on disk (flags=0x0) 5. The extent map cache is not invalidated after the move 6. Later write() operations read stale cached flags (0x2) but disk has updated flags (0x0), causing a mismatch 7. BUG_ON(!(rec->e_flags & OCFS2_EXT_REFCOUNTED)) triggers Fix by clearing the extent map cache after each extent move/defrag operation in __ocfs2_move_extents_range(). This ensures subsequent operations read fresh extent data from disk.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-12-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40233
EUVD
EUVD-2025-201226
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's ocfs2 filesystem where the extent map cache is not properly cleared after extents are moved or defragmented. As a result, the cache can become stale and contain outdated extent flags. When subsequent operations read this stale cache, they encounter a mismatch between cached flags and the actual flags on disk, leading to a kernel BUG_ON error in ocfs2_refcount_cal_cow_clusters(). The issue arises specifically when copy_file_range() creates a reflinked extent, ioctl(FITRIM) triggers extent moves, and the cache is not invalidated after these moves. The fix involves clearing the extent map cache after each extent move or defragment operation to ensure fresh data is read from disk.

Impact Analysis

This vulnerability can cause the Linux kernel to hit a BUG_ON condition, which typically results in a kernel panic or system crash. This can lead to system instability, potential data loss, or downtime, especially on systems using the ocfs2 filesystem with operations that move or defragment extents. Therefore, it can disrupt normal system operations and affect availability.

Mitigation Strategies

Apply the patch that clears the extent map cache after each extent move or defragment operation in the ocfs2 filesystem. This fix ensures that subsequent operations read fresh extent data from disk, preventing stale cache issues that trigger the BUG_ON condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40233. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart