PT-2025-49438 · Linux+5 · Linux Kernel+5

Published

2025-12-08

·

Updated

2026-05-26

·

CVE-2025-40306

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the orangefs module related to extended attribute (xattr) handling. The xattr key() helper function incorrectly uses a pointer variable in the loop condition instead of dereferencing it, leading to a potentially infinite loop that can consume CPU resources, hang threads, or cause kernel oops errors. This issue can corrupt orangefs files. Additionally, a memory leak was identified and addressed in the xattr cache due to incorrect hashing within the hash add function, which was resolved by switching to hlist add head. This memory leak manifested as out-of-memory (OOM) conditions during testing with the xfstest tool. The issue was reproducible using setfattr and getfattr.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2025-40306
DLA-4404-1
ECHO-AA1D-775B-C589
MGASA-2026-0017
MGASA-2026-0018
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8100-1
USN-8116-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu
Orangefs
Xfstests