PT-2025-49428 · Linux+3 · Linux Kernel+3

Published: 2025-12-08 · Updated: 2026-02-24 · CVE-2025-40295

Severity: None. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.18.0-rc2+

Description

The Linux kernel contains an issue within the fscrypt component where a left shift underflow can occur when inode->i_blkbits is greater than PAGE_SHIFT. This can happen when simulating an NVMe device on QEMU with both logical block size and physical block size set to 8 KiB, leading to an error trace during partition table reading at boot time. The issue is triggered by a left shift of -1, resulting in a UBSAN warning. The problem arises because CONFIG_TRANSPARENT_HUGEPAGE enables a maximum logical block size of 64 KiB, and set_init_blocksize() sets inode->i_blkbits to 13, which can cause the underflow. File I/O does not trigger this issue in filesystems that do not support the FS_LBS feature, as sb_set_blocksize() prevents sb->s_blocksize_bits from exceeding PAGE_SHIFT.

Recommendations

Versions prior to 6.18.0-rc2+ should be updated.
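
Added example, not taken from this advisory or from the kernel source: the page does not show the faulty expression, so this C code assumes it is a page-index-to-block-number conversion that shifts left by PAGE_SHIFT minus the block-size bits, with PAGE_SHIFT fixed at 12 and hypothetical function names. It shows why the 8 KiB block size from the Description (i_blkbits of 13) produces a shift of -1, and one conversion that stays defined for any block size.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Assumed shape of the affected conversion. It is only defined while
 * blkbits <= PAGE_SHIFT, so this version refuses the negative shift
 * (returns -1) instead of executing it as the unguarded form would. */
static int lblk_from_index_shift(uint64_t page_index, uint32_t offset_in_page,
                                 unsigned int blkbits, uint64_t *lblk)
{
    int shift = PAGE_SHIFT - (int)blkbits;

    if (shift < 0)
        return -1; /* blkbits = 13 gives shift = -1: the case UBSAN reports */
    *lblk = (page_index << shift) + (offset_in_page >> blkbits);
    return 0;
}

/* Conversion that is defined for any block size: build the byte
 * position first, then apply a single right shift by blkbits. */
static uint64_t lblk_from_pos(uint64_t page_index, uint32_t offset_in_page,
                              unsigned int blkbits)
{
    uint64_t pos = (page_index << PAGE_SHIFT) + offset_in_page;

    return pos >> blkbits;
}

int main(void)
{
    /* Constructed inputs: 512 B, 4 KiB and 8 KiB logical block sizes. */
    const unsigned int blkbits[] = { 9, 12, 13 };

    for (size_t i = 0; i < sizeof(blkbits) / sizeof(blkbits[0]); i++) {
        uint64_t lblk = 0;
        int rc = lblk_from_index_shift(3, 1024, blkbits[i], &lblk);

        printf("blkbits=%u shift-form=%s pos-form=%llu\n", blkbits[i],
               rc ? "rejected (negative shift)" : "ok",
               (unsigned long long)lblk_from_pos(3, 1024, blkbits[i]));
    }
    return 0;
}
```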


Related Identifiers

CVE-2025-40295
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1

Affected Products

Linuxmint
Linux Kernel
Qemu
Ubuntu