CVE-2025-40241

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.15 and later

Description The Linux kernel contains an issue related to encoded extents within the erofs filesystem. Specifically, crafted, invalid images can cause system crashes. This occurs due to improper handling of plen values and potential out-of-bounds access during processing of compressed block vectors in the z erofs submit queue() function. The issue involves a wrap-around during address calculation when processing extents, potentially leading to memory corruption. The vulnerability is triggered by specific conditions related to physical address (pa) and extent length (plen) values.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.