CVE-2025-40119
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/11/2025
Last modified:
12/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix potential null deref in ext4_mb_init()

In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called
when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo
slab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy()
lacks null pointer checking, this leads to a null pointer dereference.

==================================================================
EXT4-fs: no memory for groupinfo slab cache
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: Oops: 0002 [#1] SMP PTI
CPU:2 UID: 0 PID: 87 Comm:mount Not tainted 6.17.0-rc2 #1134 PREEMPT(none)
RIP: 0010:_raw_spin_lock_irqsave+0x1b/0x40
Call Trace:

xa_destroy+0x61/0x130
ext4_mb_init+0x483/0x540
__ext4_fill_super+0x116d/0x17b0
ext4_fill_super+0xd3/0x280
get_tree_bdev_flags+0x132/0x1d0
vfs_get_tree+0x29/0xd0
do_new_mount+0x197/0x300
__x64_sys_mount+0x116/0x150
do_syscall_64+0x50/0x1c0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
==================================================================

Therefore, add necessary null check to ext4_mb_avg_fragment_size_destroy()
to prevent this issue. The same fix is also applied to
ext4_mb_largest_free_orders_destroy().
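
The error path and the null check described above, modeled in userspace C as an added example; it is not the kernel's code or the upstream patch. The toy_* types and functions, the NUM_ORDERS value, the call counter and the groupinfo_cache_fails parameter are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>

#define NUM_ORDERS 14 /* constructed value standing in for the per-order array size */

/* Hypothetical userspace stand-ins for struct xarray and struct ext4_sb_info. */
struct toy_xarray { int lock; void *head; };
struct toy_sbi { struct toy_xarray *s_mb_avg_fragment_size; };

int xa_destroy_calls; /* counts teardown calls so the result can be checked */

/* Like xa_destroy() in the trace, this takes the lock first: a write via xa. */
void toy_xa_destroy(struct toy_xarray *xa)
{
    xa->lock = 1;
    xa->head = NULL;
    xa->lock = 0;
    xa_destroy_calls++;
}

/* Before: no NULL check. With a NULL array, &array[0] is address 0 and the
 * lock write faults. Shown for comparison only; nothing here calls it. */
void avg_fragment_size_destroy_unchecked(struct toy_sbi *sbi)
{
    for (int i = 0; i < NUM_ORDERS; i++)
        toy_xa_destroy(&sbi->s_mb_avg_fragment_size[i]);
    free(sbi->s_mb_avg_fragment_size);
}

/* After: return early when the array was never allocated. */
void avg_fragment_size_destroy(struct toy_sbi *sbi)
{
    if (!sbi->s_mb_avg_fragment_size)
        return;
    for (int i = 0; i < NUM_ORDERS; i++)
        toy_xa_destroy(&sbi->s_mb_avg_fragment_size[i]);
    free(sbi->s_mb_avg_fragment_size);
}

/* Model of the init error path: an earlier allocation fails, so cleanup
 * runs while the per-order array pointer is still NULL. */
int toy_mb_init(struct toy_sbi *sbi, int groupinfo_cache_fails)
{
    sbi->s_mb_avg_fragment_size = NULL;
    if (groupinfo_cache_fails)
        goto out; /* array not allocated yet */
    sbi->s_mb_avg_fragment_size = calloc(NUM_ORDERS, sizeof(struct toy_xarray));
    if (!sbi->s_mb_avg_fragment_size)
        goto out;
    return 0;
out:
    avg_fragment_size_destroy(sbi);
    return -ENOMEM;
}
```

Swapping avg_fragment_size_destroy_unchecked() into the out: label reproduces the address-0 fault from the trace when groupinfo_cache_fails is set.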



