CVE-2025-40287

06.12.2025, 22:15

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix improper check of dentry.stream.valid_size

We found an infinite loop bug in the exFAT file system that can lead to a
Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is
malformed, the following system calls  SYS_openat, SYS_ftruncate, and
SYS_pwrite64  can cause the kernel to hang.

Root cause analysis shows that the size validation code in exfat_find()
does not check whether dentry.stream.valid_size is negative. As a result,
the system calls mentioned above can succeed and eventually trigger the DoS
issue.

This patch adds a check for negative dentry.stream.valid_size to prevent
this vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	vulnerable
trixie (security)	vulnerable
forky	6.17.9-1 fixed
sid	6.17.10-1 fixed

References

https://git.kernel.org/stable/c/204b1b02ee018ba52ad2ece21fe3a8643d66a1b2

https://git.kernel.org/stable/c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad

https://git.kernel.org/stable/c/82ebecdc74ff555daf70b811d854b1f32a296bea