Overview
CVE-2025-40241 describes a vulnerability in the EROFS (Enhanced Read-Only File System) implementation in the Linux kernel. The flaw, reported by Robert, stems from insufficient validation of encoded extents, so a crafted or corrupted EROFS image can drive the kernel into out-of-bounds memory access once the image is mounted and read. Successful exploitation leads to a kernel crash.
Technical Details
The vulnerability centers on two issues in the handling of encoded extents, a feature introduced in Linux kernel 6.15:
- Invalid plen value: the `plen` (physical length) field of an encoded extent can be non-zero (for example 0x2000000) while the length bits selected by `Z_EROFS_EXTENT_PLEN_MASK` are all zero. A zero physical length is reserved for special extents such as sparse extents, but the 6.15 code handled that case correctly only when the whole `plen` field was zero, not when only bits outside the mask were set.
- Physical address overflow: the second and more serious issue is an out-of-bounds access in `z_erofs_submit_queue()`. A crafted image can carry an extent whose physical address (`pa`) lies close to the top of the 64-bit range (for example 0xffffffffffdcffed) together with a large `plen` (for example 0xb4000). The cursor arithmetic in the submission loop, `cur [0xfffffffffffff000] += bvec.bv_len [0x1000]`, then wraps around to zero, and the loop keeps indexing `pcl->compressed_bvecs[]` past the end of the allocated buffer. The fix enforces a 48-bit limit on physical block addresses, which matches the largest image EROFS supports: 2^48 blocks of 4 KiB is 1 EiB.
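The following C program is an added illustration of the two checks described above; it is not the kernel's code and does not reproduce the exact control flow of `z_erofs_submit_queue()`. The constants are assumptions chosen to match the text: 4 KiB blocks, a 48-bit block number space (2^48 blocks of 4 KiB, i.e. a 2^60-byte limit), and a `Z_EROFS_EXTENT_PLEN_MASK` value of 0x1fffff that leaves the 0x2000000 bit outside the mask. `check_extent`, `advance_cursor` and `extent_nr_bvecs` are hypothetical helper names, and the inputs in `main` are constructed from the values quoted in the advisory.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed constants for illustration; see erofs_fs.h for the real ones. */
#define EROFS_BLKSZ_BITS         12
#define EROFS_BLKSZ              ((uint64_t)1 << EROFS_BLKSZ_BITS)
#define EROFS_PA_BITS            48                 /* 48-bit block number */
#define EROFS_PA_LIMIT           ((uint64_t)1 << (EROFS_PA_BITS + EROFS_BLKSZ_BITS)) /* 2^60 bytes */
#define Z_EROFS_EXTENT_PLEN_MASK 0x1fffffULL       /* assumed: length bits of plen */

struct z_extent {
    uint64_t pa;    /* physical byte address of the encoded data */
    uint64_t plen;  /* raw on-disk plen field: length bits plus flag bits */
};

enum extent_verdict {
    EXTENT_OK = 0,
    EXTENT_SPECIAL,     /* plen == 0: sparse or other special extent, no I/O */
    EXTENT_BAD_PLEN,    /* non-zero plen whose length bits are all zero (issue 1) */
    EXTENT_BAD_PA,      /* pa outside the 48-bit block address space (issue 2) */
    EXTENT_BAD_RANGE,   /* pa + plen would reach past the address space */
};

/* Validate one encoded extent before any I/O arithmetic is done on it. */
static enum extent_verdict check_extent(const struct z_extent *e)
{
    uint64_t len = e->plen & Z_EROFS_EXTENT_PLEN_MASK;

    if (e->plen == 0)
        return EXTENT_SPECIAL;
    if (len == 0)
        return EXTENT_BAD_PLEN;       /* e.g. plen == 0x2000000 */
    if (e->pa >= EROFS_PA_LIMIT)
        return EXTENT_BAD_PA;         /* e.g. pa == 0xffffffffffdcffed */
    /* Subtract first so the comparison itself cannot wrap. */
    if (len > EROFS_PA_LIMIT - e->pa)
        return EXTENT_BAD_RANGE;
    return EXTENT_OK;
}

/* Advance a submission cursor by one bio_vec length without wrapping.
 * Returns false and leaves *cur untouched if cur + len would overflow,
 * which is the cur [0xfffffffffffff000] += 0x1000 case from the text. */
static bool advance_cursor(uint64_t *cur, uint64_t len)
{
    if (len > UINT64_MAX - *cur)
        return false;
    *cur += len;
    return true;
}

/* Number of block-sized bio_vecs a validated extent needs; -1 for
 * anything check_extent() rejects or for special extents (no I/O). */
static long extent_nr_bvecs(const struct z_extent *e)
{
    uint64_t cur, end;
    long n = 0;

    if (check_extent(e) != EXTENT_OK)
        return -1;
    cur = e->pa & ~(EROFS_BLKSZ - 1);                 /* block containing pa */
    end = e->pa + (e->plen & Z_EROFS_EXTENT_PLEN_MASK);
    while (cur < end) {
        if (!advance_cursor(&cur, EROFS_BLKSZ))
            return -1;                                /* unreachable after validation */
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed inputs: the two values quoted in the advisory plus sane ones. */
    const struct z_extent cases[] = {
        { .pa = 0x1000,                .plen = 0x2000000ULL },
        { .pa = 0xffffffffffdcffedULL, .plen = 0xb4000ULL },
        { .pa = 0x1000,                .plen = 0x1fff },
        { .pa = 0x1000,                .plen = 0 },
    };
    uint64_t cur = 0xfffffffffffff000ULL;

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("pa=0x%llx plen=0x%llx -> verdict %d, bvecs %ld\n",
               (unsigned long long)cases[i].pa, (unsigned long long)cases[i].plen,
               check_extent(&cases[i]), extent_nr_bvecs(&cases[i]));

    printf("unchecked: 0x%llx + 0x1000 = 0x%llx\n",
           (unsigned long long)cur, (unsigned long long)(cur + 0x1000));
    printf("checked advance: %s\n", advance_cursor(&cur, 0x1000) ? "ok" : "refused");
    return 0;
}
```

The order of the checks matters: the address bound is applied before any `pa + len` computation, so the range test can be written as a subtraction from the limit and never wraps itself. With a 48-bit block address and a length bounded by the mask, the cursor in the submission loop cannot reach the top of the 64-bit range, which is why the upstream fix only needed the address limit rather than a wrap check on every addition.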
CVSS Analysis
No CVSS score or severity has been published yet (N/A). Given that the impact is a kernel crash rather than code execution, and that triggering it requires the kernel to mount and read a crafted image, a moderate to high availability-impact rating is likely once a score is assigned. Nothing published so far indicates exploitability beyond denial of service; an attacker would need to get a crafted image mounted on the target system.
Possible Impact
A successful exploit of CVE-2025-40241 could result in the following:
- System Crash: The primary impact is a kernel panic, leading to a system crash and potential data loss if the system does not recover gracefully.
- Denial of Service (DoS): By repeatedly triggering the vulnerability, an attacker could cause a sustained denial-of-service condition.
Mitigation and Patch Steps
The vulnerability has been fixed upstream in the Linux kernel. The recommended mitigation is to update to a kernel that includes the fix; the fixing commits are listed under References. The affected encoded-extent code was introduced in 6.15, so earlier kernels do not contain it. Until patched, avoid mounting EROFS images from untrusted sources.
Check with your Linux distribution vendor for specific patched kernel packages.
References
- CVE ID: CVE-2025-40241
- Kernel Commit 1
- Kernel Commit 2
