CVE-2025-40128

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc4-custom+ #283

Description The Linux kernel contains a flaw related to handling symbolic links when the block size is larger than the page size (bs > ps) within the Btrfs filesystem. Specifically, the issue arises from incorrect folio order handling for newly created inodes, leading to a kernel BUG when attempting to read symbolic links. The root cause is the conditional setting of inode mapping order within btrfs create new inode(), which doesn't account for symbolic links properly. The fix involves unconditionally calling btrfs set inode mapping order() within btrfs create new inode(). This ensures correct folio order for symbolic links, preventing the crash, while having no impact on regular files or other inode types.

Recommendations Update to a version later than 6.17.0-rc4-custom+ #283.