CVE-2025-40241
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: erofs: fix crafted invalid cases for encoded extents Robert recently reported two corrupted images that can cause system crashes, which are related to the new encoded extents introduced in Linux 6.15: - The first one [1] has plen != 0 (e.g. plen == 0x2000000) but (plen & Z_EROFS_EXTENT_PLEN_MASK) == 0. It is used to represent special extents such as sparse extents (!EROFS_MAP_MAPPED), but previously only plen == 0 was handled; - The second one [2] has pa 0xffffffffffdcffed and plen 0xb4000, then "cur [0xfffffffffffff000] += bvec.bv_len [0x1000]" in "} while ((cur += bvec.bv_len) < end);" wraps around, causing an out-of-bound access of pcl->compressed_bvecs[] in z_erofs_submit_queue(). EROFS only supports 48-bit physical block addresses (up to 1EiB for 4k blocks), so add a sanity check to enforce this.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-12-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40241
EUVD
EUVD-2025-201218
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.15
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's erofs filesystem involves improper handling of crafted invalid cases for encoded extents. Specifically, two corrupted image cases can cause system crashes: one where a special extent's plen value is non-zero but incorrectly handled, and another where an out-of-bound access occurs due to address wrapping caused by invalid physical block addresses exceeding supported limits. The fix adds sanity checks to prevent these issues.

Impact Analysis

This vulnerability can cause system crashes due to corrupted erofs filesystem images with crafted invalid encoded extents. Such crashes may lead to denial of service or system instability when accessing affected filesystems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40241. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart