CVE-2025-40333

medium

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by return NULL and print some kernel messages in that case.

References

https://git.kernel.org/stable/c/f4c31adcb2a0556f43776d4e51a67de88d7fb9ee

https://git.kernel.org/stable/c/c0b9951bb2668d67eb4817bb23fc109abc08c075

https://git.kernel.org/stable/c/765f8816d3959ef1f3f7f85e2af748594d091f40

https://git.kernel.org/stable/c/23361bd54966b437e1ed3eb1a704572f4b279e58

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-09

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018