CVE-2025-40190

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the ext4 filesystem related to extended attribute (xattr) handling. Specifically, a race condition can occur during xattr updates, leading to an EA inode refcount underflow. This happens when ext4 xattr inode update ref() reads a refcount that is already zero or negative and then attempts to decrement it. This can result in errors such as "EXT4-fs error: EA inode ref underflow" and "EXT4-fs warning: ea inode dec ref err=-117". The issue is addressed by preventing the refcount from underflowing and treating non-positive refcounts as on-disk corruption, failing the operation with -EFSCORRUPTED. The vulnerable code path was discovered by syzkaller.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.