CVE-2025-40361

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's ext4 file system implementation related to memory allocation within the extended attribute handling routines. Specifically, the ext4 xattr inode cache find function was using GFP KERNEL for memory allocation, while its parent function, ext4 xattr inode lookup create, used GFP NOFS. This discrepancy could lead to a deadlock situation. The issue was resolved by changing the memory allocation flag in ext4 xattr inode cache find to GFP NOFS, aligning it with the parent function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-40361

ECHO-DBA1-F0DA-FA23

MGASA-2026-0017

MGASA-2026-0018

OESA-2026-1759

OESA-2026-1760

OESA-2026-1761

Affected Products

Debian

Linux Kernel

Ext4

CVE-2025-40361

Related Identifiers

Affected Products

References · 161