CVE-2025-40287
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-06

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls β€” SYS_openat, SYS_ftruncate, and SYS_pwrite64 β€” can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-06
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40287
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an infinite loop bug in the exFAT file system of the Linux kernel. It occurs because the size validation code does not check if dentry.stream.valid_size is negative. When a malformed dentry with a negative valid_size is processed, certain system calls (SYS_openat, SYS_ftruncate, SYS_pwrite64) can cause the kernel to hang, leading to a Denial-of-Service (DoS) condition. The issue is fixed by adding a check to prevent negative valid_size values.

Impact Analysis

This vulnerability can cause the Linux kernel to hang when handling malformed exFAT file system entries, resulting in a Denial-of-Service (DoS) condition. This means that affected systems may become unresponsive or stop functioning properly when processing certain file operations on exFAT filesystems.

Mitigation Strategies

To mitigate this vulnerability, update your Linux kernel to a version that includes the patch fixing the improper check of dentry.stream.valid_size in the exFAT filesystem. This patch prevents the infinite loop and Denial-of-Service condition caused by malformed dentries. Until the update is applied, avoid using SYS_openat, SYS_ftruncate, and SYS_pwrite64 system calls on exFAT filesystems with potentially untrusted or malformed files.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40287. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart