CVE-2025-40246

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0-rc4-djwx

Description The Linux kernel contains a flaw related to out-of-bounds memory access during symlink repair within the XFS filesystem. Specifically, an incorrect calculation in the min() function leads to reading beyond the allocated buffer when handling symbolic links. This issue occurs because the size of the xfs ifork::if bytes buffer can be smaller than the actual data fork size, particularly for symbolic links. The vulnerability is triggered during metadata scrubbing operations, potentially leading to system instability or crashes. The issue was identified through kfence testing and reported by xfs/286.

Recommendations Update to a version newer than 6.18.0-rc4-djwx to address this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-40246

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

Xfs

CVE-2025-40246

Related Identifiers

Affected Products

References · 660