CVE-2025-40333

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix infinite loop in __insert_extent_tree()

When we get wrong extent info data, and look up extent_node in rb tree,
it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by
return NULL and print some kernel messages in that case.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
forky
6.17.9-1
fixed
sid
6.17.11-1
fixed
References
https://git.kernel.org/stable/c/23361bd54966b437e1ed3eb1a704572f4b279e58
https://git.kernel.org/stable/c/765f8816d3959ef1f3f7f85e2af748594d091f40
https://git.kernel.org/stable/c/c0b9951bb2668d67eb4817bb23fc109abc08c075
https://git.kernel.org/stable/c/f4c31adcb2a0556f43776d4e51a67de88d7fb9ee