VYPR · NVD Advisory · Severity: unrated · Published Dec 8, 2025 · Updated Apr 15, 2026

CVE-2025-40307

Description

In the Linux kernel, the following vulnerability has been resolved:

exfat: validate cluster allocation bits of the allocation bitmap

syzbot created an exfat image with cluster bits not set for the allocation bitmap. exfat-fs reads and uses the allocation bitmap without checking this. The problem is that if the start cluster of the allocation bitmap is 6, cluster 6 can be allocated when creating a directory with mkdir. exfat zeros out this cluster in exfat_mkdir, which can delete existing entries. This can reallocate the allocated entries. In addition, the allocation bitmap is also zeroed out, so cluster 6 can be reallocated. This patch adds exfat_test_bitmap_range to validate that clusters used for the allocation bitmap are correctly marked as in-use.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's exfat filesystem, missing validation of the allocation bitmap's own cluster bits allows an attacker who supplies a crafted image to corrupt data: a mkdir can be handed the bitmap's own cluster and zero it out, after which clusters that are already in use can be reallocated.

Vulnerability

CVE-2025-40307 is a vulnerability in the Linux kernel's exfat filesystem. The issue arises because the filesystem does not validate that the clusters used for the allocation bitmap are correctly marked as in-use in the bitmap itself. This means that when the allocation bitmap start cluster (e.g., cluster 6) is not marked as allocated, it can be treated as free and later allocated for other purposes, such as creating a new directory.

Exploitation

An attacker can craft a malicious exfat image that omits the allocation bitmap's own cluster from its bitmap, marking it as free. When this image is mounted, the exfat driver will read and use the bitmap without checking this inconsistency. If a user subsequently creates a directory (via mkdir), the kernel may allocate that same cluster for the directory and zero it out. This overwrites both the original allocation bitmap data and any other existing entries stored in that cluster.

Impact

By zeroing out the allocation bitmap, the attacker can cause subsequent allocations to reuse clusters that previously held data, leading to data corruption. Additionally, the original bitmap data is lost, potentially allowing further exploitation. The vulnerability can lead to file system corruption and possible data loss.

Mitigation

The fix was applied in a Linux kernel commit that adds the function exfat_test_bitmap_range to validate that clusters used for the allocation bitmap are correctly marked as in-use [1]. Users should apply the kernel update containing this commit to mitigate the vulnerability.
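To make the consistency check concrete, the following is an added example in C written for this page; it is not the kernel's exfat code and not the fix commit itself. It models the exFAT allocation bitmap (one bit per cluster, bit N describing cluster N+2, least-significant bit first) and implements an illustrative counterpart of the range check the description and mitigation refer to: the clusters that hold the bitmap must all read as in-use in that bitmap. It also includes a first-fit allocator stand-in to show what a mkdir would be handed on a consistent image versus one where the bitmap's own cluster is marked free. The sample layout (clusters 2..5 in use, bitmap at cluster 6, up-case table at 7, 4096-byte clusters, 128 clusters) and the function names are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* exFAT numbers data clusters from 2; bit N of the bitmap describes cluster N+2. */
#define EXFAT_FIRST_CLUSTER 2u

/* Number of clusters the bitmap itself occupies for a volume with num_clusters
   data clusters and cluster_bytes bytes per cluster (one bit per cluster). */
static uint32_t bitmap_clusters_needed(uint32_t num_clusters, uint32_t cluster_bytes)
{
    uint32_t bitmap_bytes = (num_clusters + 7u) / 8u;
    return (bitmap_bytes + cluster_bytes - 1u) / cluster_bytes;
}

/* True if cluster clu is marked in-use. Out-of-range clusters read as free,
   which the range check below then reports as a failure. */
static bool bitmap_test(const uint8_t *bitmap, size_t bitmap_bytes, uint32_t clu)
{
    if (clu < EXFAT_FIRST_CLUSTER)
        return false;
    uint32_t idx = clu - EXFAT_FIRST_CLUSTER;
    if (idx / 8u >= bitmap_bytes)
        return false;
    return (bitmap[idx / 8u] >> (idx % 8u)) & 1u;
}

/* Illustrative counterpart (hypothetical, not the kernel's exfat_test_bitmap_range)
   of the check the fix adds: every cluster in [start, start + count) must be
   marked in-use. Returns 0 when the range is consistent, otherwise the first
   cluster found free (never 0, since data clusters start at 2). */
static uint32_t check_bitmap_range(const uint8_t *bitmap, size_t bitmap_bytes,
                                   uint32_t start, uint32_t count)
{
    for (uint32_t c = start; c < start + count; c++) {
        if (!bitmap_test(bitmap, bitmap_bytes, c))
            return c;
    }
    return 0;
}

/* First-fit allocator stand-in: the first cluster whose bit is clear, or 0 if
   the volume is full. This is what a mkdir would be handed without the check. */
static uint32_t first_free_cluster(const uint8_t *bitmap, size_t bitmap_bytes)
{
    uint32_t total = (uint32_t)bitmap_bytes * 8u;
    for (uint32_t c = EXFAT_FIRST_CLUSTER; c < EXFAT_FIRST_CLUSTER + total; c++) {
        if (!bitmap_test(bitmap, bitmap_bytes, c))
            return c;
    }
    return 0;
}

/* Constructed 128-cluster volume (assumed layout): clusters 2..5 hold metadata
   and the root directory, 6 is the allocation bitmap, 7 the up-case table. */
#define SAMPLE_BITMAP_BYTES   16u
#define SAMPLE_BITMAP_CLUSTER 6u
#define SAMPLE_CLUSTER_BYTES  4096u

/* Consistent bitmap: bits 0..5 set, i.e. clusters 2..7 in use. */
static const uint8_t GOOD_BITMAP[SAMPLE_BITMAP_BYTES] = { 0x3F };
/* Inconsistent bitmap: bit 4 (cluster 6, the bitmap's own cluster) cleared. */
static const uint8_t BAD_BITMAP[SAMPLE_BITMAP_BYTES]  = { 0x2F };

/* Mount-time style validation of a sample bitmap: 0 if consistent, -1 if the
   bitmap's own clusters are not all marked in-use. */
static int validate_sample(const uint8_t *bitmap, const char *label)
{
    uint32_t need = bitmap_clusters_needed(SAMPLE_BITMAP_BYTES * 8u, SAMPLE_CLUSTER_BYTES);
    uint32_t bad = check_bitmap_range(bitmap, SAMPLE_BITMAP_BYTES, SAMPLE_BITMAP_CLUSTER, need);
    if (bad) {
        printf("%s: refuse mount, bitmap cluster %u is marked free\n", label, bad);
        return -1;
    }
    printf("%s: ok, next free cluster would be %u\n", label,
           first_free_cluster(bitmap, SAMPLE_BITMAP_BYTES));
    return 0;
}

int main(void)
{
    validate_sample(GOOD_BITMAP, "good image");
    validate_sample(BAD_BITMAP, "bad image");
    return 0;
}
```

On the consistent image the allocator's next free cluster is 8; on the inconsistent one it is 6, the bitmap's own cluster, which is exactly the cluster a mkdir would then zero. Performing the range check before the bitmap is used, and refusing the mount when it fails, is the defensive shape of the fix the description points to.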

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Linux/Kernel (inferred; 2 versions, no CPE listed)

Patches: 3

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3
