CVE-2025-40307

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> exfat: validate cluster allocation bits of the allocation bitmap<br /> <br /> syzbot created an exfat image with cluster bits not set for the allocation<br /> bitmap. exfat-fs reads and uses the allocation bitmap without checking<br /> this. The problem is that if the start cluster of the allocation bitmap<br /> is 6, cluster 6 can be allocated when creating a directory with mkdir.<br /> exfat zeros out this cluster in exfat_mkdir, which can delete existing<br /> entries. This can reallocate the allocated entries. In addition,<br /> the allocation bitmap is also zeroed out, so cluster 6 can be reallocated.<br /> This patch adds exfat_test_bitmap_range to validate that clusters used for<br /> the allocation bitmap are correctly marked as in-use.