CVE-2025-40179
Description
In the Linux kernel, the following vulnerability has been resolved:
ext4: verify orphan file size is not too big
In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan files can lead to big amounts of memory consumed. Limit orphan file size to a sane value and also use kvmalloc() for allocating array of block descriptor structures to avoid large order allocations for sane but large orphan files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, ext4 orphan file size limit was missing, allowing large orphan files to cause excessive memory consumption; fixed by adding a size limit and using kvmalloc().
The ext4 filesystem in the Linux kernel did not enforce a size limit on the orphan file, which is used to track inodes with pending operations. During orphan replay, the kernel traverses the entire orphan file and pins all its buffers in memory. An arbitrarily large orphan file could therefore lead to excessive memory consumption.
An attacker who can create or modify a filesystem image with a very large orphan file (e.g., by mounting a malicious ext4 image) could trigger this condition. No special privileges are required beyond the ability to mount a crafted filesystem.
The impact is a denial of service (DoS) through memory exhaustion, potentially causing system instability or crashes. The fix, as described in the kernel commits [1][2], limits the orphan file size to a sane value and uses kvmalloc() for allocating block descriptor arrays to avoid large order allocations. The patch has been applied to the stable kernel branches.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
695a21611b14a566a1d608456304fc34ff6fca2d803fab8a62b9da798ff0f0a6ce20c1564Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- git.kernel.org/stable/c/0a6ce20c156442a4ce2a404747bb0fb05d54eeb3nvd
- git.kernel.org/stable/c/2b9da798ff0f4d026c5f0f815047393ebe7d8859nvd
- git.kernel.org/stable/c/304fc34ff6fc8261138fd81f119e024ac3a129e9nvd
- git.kernel.org/stable/c/566a1d6084563bd07433025aa23bcea4427de107nvd
- git.kernel.org/stable/c/95a21611b14ae0a401720645245a8db16f040995nvd
- git.kernel.org/stable/c/a2d803fab8a6c6a874277cb80156dc114db91921nvd
News mentions
0No linked articles in our index yet.