CVE-2025-40190: Integer Underflow (Wrap or Wraparound) in Linux

Severity: 6.1 MEDIUM (no vector)
EPSS: 0.1% (top 82.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 12; latest update Nov 13

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: guard against EA inode refcount underflow in xattr update

syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already ref underflow: ref_count=-1 ref_change=-1
EXT4-fs warning: ea_inode dec ref err=-117

Make the invariant explicit: if the current refcount is non-positive, treat this as on-disk corruption, emit ext4_error_inode(), and fail the operation with -EFSCORRUPTED instead

Affected Packages (6 packages)

Linux | linux/linux_kernel | 5.5.0 | 5.10.246 | +6
Debian | linux/linux_kernel | < 5.10.247-1 | +3
CVEListV5 | linux/linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ea39e712c2f5ae148ee5515798ae03523673e002 | +7
debian | debian/linux | < linux 6.1.158-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-j9x6-gmq6-xm5x: In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found (2025-11-13)
OSV: ext4: guard against EA inode refcount underflow in xattr update (2025-11-12)
OSV: CVE-2025-40190: In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a (2025-11-12)

📋 Vendor Advisories (3)

Red Hat: kernel: ext4: guard against EA inode refcount underflow in xattr update (2025-11-12)
Microsoft: ext4: guard against EA inode refcount underflow in xattr update (2025-11-11)
Debian: CVE-2025-40190: linux - In the Linux kernel, the following vulnerability has been resolved: ext4: guard... 2025