-
CVE-2025-40190
- EPSS 0.08%
- Veröffentlicht 12.11.2025 21:56:30
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ext4: guard against EA inode refcount underflow in xattr update
In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1). That lets the refcount underflow and we proceed with a bogus value, triggering errors like: EXT4-fs error: EA inode <n> ref underflow: ref_count=-1 ref_change=-1 EXT4-fs warning: ea_inode dec ref err=-117 Make the invariant explicit: if the current refcount is non-positive, treat this as on-disk corruption, emit ext4_error_inode(), and fail the operation with -EFSCORRUPTED instead of updating the refcount. Delete the WARN_ONCE() as negative refcounts are now impossible; keep error reporting in ext4_error_inode(). This prevents the underflow and the follow-on orphan/cleanup churn.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version <
ea39e712c2f5ae148ee5515798ae03523673e002
Status
affected
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version <
1cfb3e4ddbdc8e02e637b8852540bd4718bf4814
Status
affected
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version <
505e69f76ac497e788f4ea0267826ec7266b40c8
Status
affected
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version <
3d6269028246f4484bfed403c947a114bb583631
Status
affected
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version <
79ea7f3e11effe1bd9e753172981d9029133a278
Status
affected
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version <
6b879c4c6bbaab03c0ad2a983953bd1410bb165e
Status
affected
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version <
440b003f449a4ff2a00b08c8eab9ba5cd28f3943
Status
affected
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version <
57295e835408d8d425bef58da5253465db3d6888
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version <=
5.4.*
Version
5.4.301
Status
unaffected
Version <=
5.10.*
Version
5.10.246
Status
unaffected
Version <=
5.15.*
Version
5.15.195
Status
unaffected
Version <=
6.1.*
Version
6.1.157
Status
unaffected
Version <=
6.6.*
Version
6.6.113
Status
unaffected
Version <=
6.12.*
Version
6.12.54
Status
unaffected
Version <=
6.17.*
Version
6.17.4
Status
unaffected
Version <=
*
Version
6.18
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.226 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|