PT-2025-46736 · Linux+3 · Linux Kernel+3

Published 2025-09-09 · Updated 2026-05-07 · CVE-2025-40179

CVSS v2.0: 3.8 (Low)

Vector: AV:L/AC:H/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw related to orphan file size verification in the ext4 filesystem. An orphan file could be arbitrarily large, potentially leading to excessive memory consumption during orphan replay due to traversing the file and pinning its buffers in memory. The issue is addressed by limiting the orphan file size to a reasonable value and utilizing kvmalloc() for allocating block descriptor structures, which avoids large order allocations for sizable orphan files.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Allocation of Resources Without Limits
Resource Exhaustion

Related Identifiers

AZL-70061
BDU:2025-16153
CVE-2025-40179
DLA-4379-1
OESA-2025-2765
OESA-2025-2766
OESA-2025-2767
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu
Ext4