CVE-2025-40313

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ntfs3: pretend $Extend records as regular files Since commit af153bb63a33 ("vfs: catch invalid modes in may_open()") requires any inode be one of S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK/ S_IFIFO/S_IFSOCK type, use S_IFREG for $Extend records.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-12-08

Last Modified

2025-12-08

Generated

2026-05-07

AI Q&A

2025-12-08

EPSS Evaluated

2026-05-05

NVD

CVE-2025-40313

Affected Vendors & Products

Vendor	Product	Version / Range
linux	linux_kernel	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-UNKNOWN

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability in the Linux kernel relates to the ntfs3 driver incorrectly handling $Extend records by not treating them as regular files. The fix involves ensuring that $Extend records are treated as regular files (S_IFREG) to comply with inode type requirements introduced in a kernel commit that restricts valid inode types.

How can this vulnerability impact me? :

The vulnerability could cause improper handling of certain NTFS filesystem records, potentially leading to filesystem errors or unexpected behavior when accessing or manipulating $Extend records. This may affect system stability or data integrity when using NTFS volumes.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-40313

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart