-

CVE-2025-40179

EPSS 0.04%
Veröffentlicht 12.11.2025 21:56:24
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ext4: verify orphan file size is not too big

In the Linux kernel, the following vulnerability has been resolved:

ext4: verify orphan file size is not too big

In principle orphan file can be arbitrarily large. However orphan replay
needs to traverse it all and we also pin all its buffers in memory. Thus
filesystems with absurdly large orphan files can lead to big amounts of
memory consumed. Limit orphan file size to a sane value and also use
kvmalloc() for allocating array of block descriptor structures to avoid
large order allocations for sane but large orphan files.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

CNA 2 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37

Version < 95a21611b14ae0a401720645245a8db16f040995

Status affected

Version 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37

Version < 566a1d6084563bd07433025aa23bcea4427de107

Status affected

Version 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37

Version < 304fc34ff6fc8261138fd81f119e024ac3a129e9

Status affected

Version 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37

Version < a2d803fab8a6c6a874277cb80156dc114db91921

Status affected

Version 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37

Version < 2b9da798ff0f4d026c5f0f815047393ebe7d8859

Status affected

Version 02f310fcf47fa9311d6ba2946a8d19e7d7d11f37

Version < 0a6ce20c156442a4ce2a404747bb0fb05d54eeb3

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version 0

Version < 5.15

Status unaffected

Version <= 5.15.*

Version 5.15.195

Status unaffected

Version <= 6.1.*

Version 6.1.157

Status unaffected

Version <= 6.6.*

Version 6.6.113

Status unaffected

Version <= 6.12.*

Version 6.12.54

Status unaffected

Version <= 6.17.*

Version 6.17.4

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.12

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/95a21611b14ae0a401720645245a8db16f040995

https://git.kernel.org/stable/c/566a1d6084563bd07433025aa23bcea4427de107

https://git.kernel.org/stable/c/304fc34ff6fc8261138fd81f119e024ac3a129e9

https://git.kernel.org/stable/c/a2d803fab8a6c6a874277cb80156dc114db91921

https://git.kernel.org/stable/c/2b9da798ff0f4d026c5f0f815047393ebe7d8859

https://git.kernel.org/stable/c/0a6ce20c156442a4ce2a404747bb0fb05d54eeb3

https://nvd.nist.gov/vuln/detail/CVE-2025-40179

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40179

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40179

EUVD