PT-2025-49439 · Microsoft+4 · Exfat+4

Published: 2025-07-12 · Updated: 2026-05-07 · CVE-2025-40307

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel's exFAT file system code does not validate the cluster allocation bits in the allocation bitmap. The bitmap is read and used without proper checks, which can cause problems when handling exFAT images whose cluster bits are set incorrectly. A crafted exFAT image can cause the system to allocate clusters incorrectly, potentially leading to the deletion or reallocation of existing entries during directory creation with mkdir. Because the allocation bitmap is not adequately validated, clusters can be incorrectly marked as available and subsequently reallocated. The patch introduces exfat_test_bitmap_range to validate that the clusters used for the allocation bitmap are correctly marked.

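The check described above, sketched as a stand-alone C example added here (it is not the kernel patch and not code from this record): before trusting an allocation bitmap, confirm that the clusters holding the bitmap itself are marked in use. The function names, the sample bitmaps and the assumption that the bitmap occupies contiguous clusters are all illustrative.

```c
#include <stdbool.h>
#include <stdint.h>

#define FIRST_CLUSTER 2u /* exFAT cluster numbering starts at 2 */

/* Constructed sample: 16-cluster volume, 512-byte clusters, bitmap stored in cluster 2. */
static const uint8_t good_bitmap[2] = { 0x01, 0x00 }; /* cluster 2 marked in use */
static const uint8_t bad_bitmap[2]  = { 0x00, 0x00 }; /* cluster 2 marked free   */

/* Bit (clu - 2) of the bitmap, LSB first, says whether cluster clu is in use. */
static bool cluster_in_use(const uint8_t *bitmap, uint32_t clu)
{
    uint32_t bit = clu - FIRST_CLUSTER;
    return (bitmap[bit / 8] >> (bit % 8)) & 1u;
}

/* True only if [start, start + count) is in range and every bit is set. */
bool range_allocated(const uint8_t *bitmap, uint32_t num_clusters,
                     uint32_t start, uint32_t count)
{
    if (start < FIRST_CLUSTER || count == 0)
        return false;
    uint32_t first_bit = start - FIRST_CLUSTER;
    if (first_bit >= num_clusters || count > num_clusters - first_bit)
        return false; /* overflow-safe bounds check */
    for (uint32_t i = 0; i < count; i++)
        if (!cluster_in_use(bitmap, start + i))
            return false;
    return true;
}

/* Mount-time check: the clusters holding the bitmap must be marked in use. */
bool bitmap_self_consistent(const uint8_t *bitmap, uint32_t num_clusters,
                            uint32_t bitmap_start, uint32_t cluster_size)
{
    if (cluster_size == 0)
        return false;
    uint32_t bytes = (num_clusters + 7) / 8;                    /* bitmap size */
    uint32_t count = (bytes + cluster_size - 1) / cluster_size; /* clusters it spans */
    return range_allocated(bitmap, num_clusters, bitmap_start, count);
}

int main(void)
{
    /* Accept the consistent image, reject the one that would hand out cluster 2. */
    return (bitmap_self_consistent(good_bitmap, 16, 2, 512) &&
            !bitmap_self_consistent(bad_bitmap, 16, 2, 512)) ? 0 : 1;
}
```
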
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2026-05115
CVE-2025-40307
ECHO-F333-7532-54EF
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu
Exfat