CVE-2025-40119

EPSS 0.03%
Veröffentlicht 12.11.2025 10:23:18
Zuletzt bearbeitet 12.11.2025 16:19:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix potential null deref in ext4_mb_init()

In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called
when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo
slab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy()
lacks null pointer checking, this leads to a null pointer dereference.

==================================================================
EXT4-fs: no memory for groupinfo slab cache
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: Oops: 0002 [#1] SMP PTI
CPU:2 UID: 0 PID: 87 Comm:mount Not tainted 6.17.0-rc2 #1134 PREEMPT(none)
RIP: 0010:_raw_spin_lock_irqsave+0x1b/0x40
Call Trace:
 <TASK>
 xa_destroy+0x61/0x130
 ext4_mb_init+0x483/0x540
 __ext4_fill_super+0x116d/0x17b0
 ext4_fill_super+0xd3/0x280
 get_tree_bdev_flags+0x132/0x1d0
 vfs_get_tree+0x29/0xd0
 do_new_mount+0x197/0x300
 __x64_sys_mount+0x116/0x150
 do_syscall_64+0x50/0x1c0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
==================================================================

Therefore, add necessary null check to ext4_mb_avg_fragment_size_destroy()
to prevent this issue. The same fix is also applied to
ext4_mb_largest_free_orders_destroy().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 00110f3cfc9b34b2dfee2a6c9e55a0ae6df125ae

Version f7eaacbb4e54f8a6c6674c16eff54f703ea63d5e

Status affected

Version < 3c3fac6bc0a9c00dbe65d8dc0d3a282afe4d3188

Version f7eaacbb4e54f8a6c6674c16eff54f703ea63d5e

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.17

Status affected

Version < 6.17

Version 0

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.066

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/00110f3cfc9b34b2dfee2a6c9e55a0ae6df125ae

https://git.kernel.org/stable/c/3c3fac6bc0a9c00dbe65d8dc0d3a282afe4d3188

https://nvd.nist.gov/vuln/detail/CVE-2025-40119

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40119

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40119

EUVD