CVE-2025-40361 — Deadlock in Kernel

CWE-833 — Deadlock5 documents4 sources

Severity

5.5MEDIUM

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel

Timeline

PublishedDec 16

Description

In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock The parent function ext4_xattr_inode_lookup_create already uses GFP_NOFS for memory alloction, so the function ext4_xattr_inode_cache_find should use same gfp_flag.

Affected Packages2 packages

▶Linuxlinux/linux_kernel5.6.0 — 5.10.247+5

▶Debianlinux/linux_kernel< 5.10.247-1+1

🔴Vulnerability Details

OSV

CVE-2025-40361: In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock The parent function ext4↗2025-12-16

▶

GHSA

GHSA-h498-43rp-2rrr: In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock The parent function ex↗2025-12-16

▶

OSV

fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock↗2025-12-16

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: ext4 deadlock vulnerability (CVE Rejected)↗2025-12-16

▶

🕵️Threat Intelligence

Wiz

CVE-2025-40361 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶