CVE-2025-40303Incomplete Cleanup in Linux

CWE-459Incomplete CleanupCWE-190Integer Overflow or Wraparound34 documents7 sources
Severity
3.2LOWOSV
No vector
EPSS
0.0%
top 89.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedDec 8
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure no dirty metadata is written back for an fs with errors [BUG] During development of a minor feature (make sure all btrfs_bio::end_io() is called in task context), I noticed a crash in generic/388, where metadata writes triggered new works after btrfs_stop_all_workers(). It turns out that it can even happen without any code modification, just using RAID5 for metadata and the same workload from generic/388 is goin

Affected Packages8 packages

Linuxlinux/linux_kernel3.10.06.6.117+2
Debianlinux/linux_kernel< 6.12.63-1+1
Ubuntulinux/linux_kernel< 6.8.0-106.106+1
CVEListV5linux/linux13e6c37b989859e70b0d73d3f2cb0aa022159b17066ee13f05fbd82ada01883e51f0695172f98dff+4

🔴Vulnerability Details

16
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23
OSV
linux-realtime, linux-realtime-6.8 vulnerabilities2026-03-17

📋Vendor Advisories

17
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2026-03-23