VYPR
Unrated severity · NVD Advisory · Published Dec 6, 2025 · Updated Apr 15, 2026

CVE-2025-40287

Description

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix improper check of dentry.stream.valid_size

We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang.

Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue.

This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing check for a negative valid_size in the Linux kernel's exFAT driver can cause an infinite loop, leading to a kernel DoS via SYS_openat, SYS_ftruncate, or SYS_pwrite64.

Root Cause Analysis

The vulnerability resides in the exfat_find() function of the Linux kernel's exFAT filesystem driver. The code verifies the size of a dentry's stream entry, specifically checking dentry.stream.valid_size. However, it fails to reject negative values for this field. A malformed dentry with a negative valid_size can pass this validation, leading to an infinite loop when the kernel processes the dentry during certain system calls [1].
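
A user-space model of the validation gap described above, added here as an illustration and not the kernel's own code. It assumes the exFAT stream extension entry layout (valid data length at byte offset 8, data length at offset 24, both little-endian 64-bit), that the value is held in a signed 64-bit type, and that the earlier check only bounded valid_size from above; the function names and the sample entry are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets in the 32-byte exFAT stream extension entry. */
#define OFF_VALID_SIZE 8
#define OFF_SIZE       24

static uint64_t get_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Assumed pre-fix shape: valid_size is only bounded from above. The
 * on-disk field is unsigned but is held in a signed 64-bit size. */
static int check_upper_bound_only(const uint8_t *e)
{
    int64_t valid_size = (int64_t)get_le64(e + OFF_VALID_SIZE);
    int64_t size = (int64_t)get_le64(e + OFF_SIZE);
    return valid_size > size ? -1 : 0;   /* 0 = accepted */
}

/* Same check preceded by the negative test the advisory describes. */
static int check_with_sign(const uint8_t *e)
{
    if ((int64_t)get_le64(e + OFF_VALID_SIZE) < 0)
        return -1;
    return check_upper_bound_only(e);
}

/* Build a constructed sample entry (not taken from a real image). */
static void make_entry(uint8_t *e, uint64_t valid_size, uint64_t size)
{
    memset(e, 0, 32);
    for (int i = 0; i < 8; i++) {
        e[OFF_VALID_SIZE + i] = (uint8_t)(valid_size >> (8 * i));
        e[OFF_SIZE + i] = (uint8_t)(size >> (8 * i));
    }
}

int main(void)
{
    uint8_t e[32];
    make_entry(e, 0x8000000000000000ULL, 4096);
    printf("%d %d\n", check_upper_bound_only(e), check_with_sign(e));
    return 0;
}
```

A value with the top bit set compares as smaller than any real file size, so an upper-bound test alone accepts it; the explicit sign test is what rejects the entry.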

Exploitation Mechanism

An attacker must mount a crafted exFAT filesystem containing a deliberately malformed dentry where valid_size is set to a negative number. When a user subsequently invokes SYS_openat, SYS_ftruncate, or SYS_pwrite64 on a file within that filesystem, the kernel enters an infinite loop, effectively hanging the system [1]. The attack requires the ability to mount a custom filesystem image, which typically demands either physical access, a compromised storage device, or a privileged user who can mount arbitrary media. No other special privileges are needed at the time of the syscall.

Impact

Successful exploitation results in a Denial-of-Service (DoS) condition. The kernel becomes unresponsive, causing the system to hang until a manual reset. There is no evidence that this flaw allows arbitrary code execution or privilege escalation; the primary consequence is system unavailability [1].

Mitigation

The fix has been applied in Linux kernel stable updates from the referenced commits. The patch adds a check that rejects negative dentry.stream.valid_size values, preventing the infinite loop [1]. Users should update to a kernel version containing this fix. There is no workaround short of avoiding exFAT filesystem mounts from untrusted sources.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
