CVE-2025-40246 — Out-of-bounds Read in Linux
Severity: 7.2 HIGH (OSV)
CVSS vector: none provided
EPSS: 0.0% (top 90.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: (not listed on this page)
Timeline: Published Dec 4; Latest update Apr 6
Description
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix out of bounds memory read error in symlink repair
xfs/286 produced this report on my test fleet:
BUG: KFENCE: out-of-bounds read in memcpy_orig+0x54/0x110
Out-of-bounds read at 0xffff88843fe9e038 (184B right of kfence-#184):
memcpy_orig+0x54/0x110
xrep_symlink_salvage_inline+0xb3/0xf0 [xfs]
xrep_symlink_salvage+0x100/0x110 [xfs]
xrep_symlink+0x2e/0x80 [xfs]
xrep_attempt+0x61/0x1f0 [xfs]
xfs_scrub_metadata+0x34f/0x5c…
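The report above is a KFENCE catch of the classic "copy length comes from the wrong field" bug: the salvage path copies an inline symlink target with a length that is not bounded by how many bytes the inline fork actually holds, so a short target makes memcpy run off the end of the allocation. The following is an added example written for this page, not the kernel's code and not the patch that fixed the CVE; it models the bug class with hypothetical structures (model_inode, model_ifork, fork_area_size) and a redzone standing in for the neighbouring memory that KFENCE flagged, and shows the vulnerable bound beside a bound taken from the bytes that exist:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes are stand-ins for the kernel's constants (XFS_SYMLINK_MAXLEN is 1024).
 * INLINE_FORK_AREA is an assumed inline literal-area size, not an XFS value. */
#define SYMLINK_MAXLEN     1024
#define INLINE_FORK_AREA    256
#define REDZONE_BYTE       0xAA   /* fills memory that is not part of the target */

/* Hypothetical in-memory data fork: if_data points at exactly if_bytes bytes. */
struct model_ifork {
    const unsigned char *if_data;
    unsigned int         if_bytes;
};

struct model_inode {
    struct model_ifork df;
    unsigned int       fork_area_size;   /* inline area the inode *could* hold */
};

/* Backing store: target bytes followed by a redzone that plays the role of the
 * neighbouring memory the kernel read into past the end of the allocation. */
static unsigned char backing[INLINE_FORK_AREA];
static unsigned char out[SYMLINK_MAXLEN];

static struct model_inode make_inode(const char *target)
{
    struct model_inode ip;
    size_t len = strlen(target);

    if (len > sizeof backing)
        len = sizeof backing;
    memset(backing, REDZONE_BYTE, sizeof backing);
    memcpy(backing, target, len);
    ip.df.if_data = backing;
    ip.df.if_bytes = (unsigned int)len;
    ip.fork_area_size = INLINE_FORK_AREA;
    return ip;
}

static unsigned int min_u(unsigned int a, unsigned int b) { return a < b ? a : b; }

/* Vulnerable pattern: the copy length is bounded by how large the inline area
 * is, not by how many bytes the fork actually holds, so a short target makes
 * memcpy read past if_data. Returns the number of bytes copied. */
static unsigned int salvage_inline_vuln(const struct model_inode *ip)
{
    unsigned int nr = min_u(SYMLINK_MAXLEN, ip->fork_area_size);
    memcpy(out, ip->df.if_data, nr);
    return nr;
}

/* Hardened pattern: bound by the bytes that exist, then verify before copying.
 * Returns bytes copied, or 0 if the inline fork does not look like a target. */
static unsigned int salvage_inline_fixed(const struct model_inode *ip)
{
    unsigned int nr = ip->df.if_bytes;

    if (nr == 0 || nr > SYMLINK_MAXLEN || nr > ip->fork_area_size)
        return 0;
    if (memchr(ip->df.if_data, '\0', nr) != NULL)   /* embedded NUL: corrupt */
        return 0;
    memcpy(out, ip->df.if_data, nr);
    return nr;
}

/* Wrappers over one constructed inode, so the results can be checked. */
unsigned int vuln_copy_len(const char *target)
{
    struct model_inode ip = make_inode(target);
    return salvage_inline_vuln(&ip);
}

/* How many copied bytes came from beyond the real target (leaked memory). */
unsigned int vuln_leaked_bytes(const char *target)
{
    unsigned int nr = vuln_copy_len(target), n = 0;
    for (unsigned int i = (unsigned int)strlen(target); i < nr; i++)
        if (out[i] == REDZONE_BYTE)
            n++;
    return n;
}

unsigned int fixed_copy_len(const char *target)
{
    struct model_inode ip = make_inode(target);
    return salvage_inline_fixed(&ip);
}

int main(void)
{
    const char *t = "../data/file";   /* constructed 12-byte symlink target */
    printf("vulnerable: copied %u bytes, %u of them from outside the fork\n",
           vuln_copy_len(t), vuln_leaked_bytes(t));
    printf("fixed:      copied %u bytes\n", fixed_copy_len(t));
    return 0;
}
```

The vulnerable variant is "safe" here only because the model places the target inside a larger array; in the kernel the same overshoot walks off a slab (or KFENCE) object, which is exactly what the report above shows. The general rule the fixed variant encodes is that a length used for memcpy must come from the field that describes the allocation being read, and must still be validated against the format's maximum before use.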
Affected Packages (5 packages)
CVEListV5: linux/linux, 2651923d8d8db00a57665822f017fa7c76758044 — 7c2d68e091584149fe89bcbaf9b99b3162d46ee7 (+3 more)