CVE-2025-40167
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/11/2025
Last modified:
12/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ext4: detect invalid INLINE_DATA + EXTENTS flag combination<br />
<br />
syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity<br />
file on a corrupted ext4 filesystem mounted without a journal.<br />
<br />
The issue is that the filesystem has an inode with both the INLINE_DATA<br />
and EXTENTS flags set:<br />
<br />
EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15:<br />
comm syz.0.17: corrupted extent tree: lblk 0
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1437c95ab2a28b138d4521653583729f61ccb48b
- https://git.kernel.org/stable/c/1d3ad183943b38eec2acf72a0ae98e635dc8456b
- https://git.kernel.org/stable/c/1f5ccd22ff482639133f2a0fe08f6d19d0e68717
- https://git.kernel.org/stable/c/2e9e10657b04152ed0d6ecae8d0c02a3405e28f5
- https://git.kernel.org/stable/c/4954d297c91d292630ab43ba4d195dc371ce65d3
- https://git.kernel.org/stable/c/cb6039b68efa547b676a8a10fc4618d9d1865c23
- https://git.kernel.org/stable/c/de985264eef64be8a90595908f2e6a87946dad34
- https://git.kernel.org/stable/c/f061f7c331fc16250fc82aa68964f35821687217