CVE-2025-40179
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/11/2025
Last modified:
12/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: verify orphan file size is not too big

In principle orphan file can be arbitrarily large. However orphan replay
needs to traverse it all and we also pin all its buffers in memory. Thus
filesystems with absurdly large orphan files can lead to big amounts of
memory consumed. Limit orphan file size to a sane value and also use
kvmalloc() for allocating array of block descriptor structures to avoid
large order allocations for sane but large orphan files.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0a6ce20c156442a4ce2a404747bb0fb05d54eeb3
- https://git.kernel.org/stable/c/2b9da798ff0f4d026c5f0f815047393ebe7d8859
- https://git.kernel.org/stable/c/304fc34ff6fc8261138fd81f119e024ac3a129e9
- https://git.kernel.org/stable/c/566a1d6084563bd07433025aa23bcea4427de107
- https://git.kernel.org/stable/c/95a21611b14ae0a401720645245a8db16f040995
- https://git.kernel.org/stable/c/a2d803fab8a6c6a874277cb80156dc114db91921



