PT-2025-49388 · Linux+4 · Linux Kernel+4

Published: 2025-10-15 · Updated: 2026-05-26 · CVE-2025-40287

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the exFAT file system within the Linux kernel that can lead to a Denial-of-Service (DoS) condition. Malformed dentries in an exFAT filesystem can cause the kernel to hang when specific system calls (SYS_openat, SYS_ftruncate, and SYS_pwrite64) are executed. The root cause is an improper check of dentry.stream.valid_size within the exfat_find() function, which does not check for negative values. This allows the aforementioned system calls to succeed and trigger the DoS issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2026-02388
CVE-2025-40287
ECHO-1EFE-EDE0-4EB1
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu
Exfat