CVE-2025-40167Integer Underflow (Wrap or Wraparound) in Linux

CWE-191Integer Underflow (Wrap or Wraparound)56 documents8 sources
Severity
7.8HIGHOSV
OSV5.5OSV3.2
No vector
EPSS
0.0%
top 87.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedNov 12
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an inode with both the INLINE_DATA and EXTENTS flags set: EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15: comm syz.0.17: corrupted extent tree: lblk 0 < prev 66 Investigation re

Affected Packages7 packages

Linuxlinux/linux_kernel3.8.05.4.301+6
Debianlinux/linux_kernel< 5.10.247-1+3
Ubuntulinux/linux_kernel< 5.15.0-170.180+2
CVEListV5linux/linuxf19d5870cbf72d4cb2a8e1f749dff97af99b071e4954d297c91d292630ab43ba4d195dc371ce65d3+8

🔴Vulnerability Details

27
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23

📋Vendor Advisories

28
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01