CVE-2025-40333
Description
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix infinite loop in __insert_extent_tree()
When we get wrong extent info data and look up an extent_node in the rb tree, it will cause an infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoid this by returning NULL and printing some kernel messages in that case.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Infinite loop in Linux kernel f2fs filesystem's __insert_extent_tree() when processing corrupted extent data, leading to denial of service.
Vulnerability
In the Linux kernel's f2fs filesystem, the function __insert_extent_tree() can enter an infinite loop when it encounters corrupted extent information data. The issue occurs during a lookup in the red-black tree (rb tree) for an extent node, which fails to terminate when the data is malformed, on kernels built with CONFIG_F2FS_CHECK_FS disabled (CONFIG_F2FS_CHECK_FS=n).
Exploitation
An attacker with the ability to mount a crafted f2fs filesystem image or trigger corrupted extent data could cause the kernel to hang, leading to a denial of service. No authentication is required beyond access to the filesystem, making it exploitable by a local user or via a malicious storage device.
Impact
Successful exploitation results in a kernel infinite loop, causing a system hang or watchdog reset. This is a denial-of-service vulnerability that could render the system unresponsive.
Mitigation
The fix, included in upstream stable kernel commits, modifies __insert_extent_tree() to return NULL and print kernel messages when encountering invalid extent data, breaking the loop. Users should update to patched kernel versions as referenced in the stable updates [1], [2].
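The failure mode and the fix described above, as an added user-space C model (not the kernel's code and not the fix commit). Assumptions: the tree is a plain binary search tree rather than an rb tree, the malformed input is an extent whose start offset falls inside an existing node's range, SPIN_CAP stands in for an endless loop, and all struct and function names are hypothetical.

```c
#include <stdio.h>

/* User-space model; struct and function names are hypothetical, not f2fs's. */
struct ext { unsigned fofs, len; };
struct node { struct ext ei; struct node *left, *right; };
#define SPIN_CAP 1000 /* stands in for "forever" so the demo terminates */

/* Walk to the link slot for ei. With checked == 0 an overlapping key takes
 * neither branch and the walk spins; with checked != 0 it logs and gives up.
 * Returns the slot, or NULL when rejected or when SPIN_CAP was reached. */
static struct node **find_slot(struct node **p, const struct ext *ei,
			       int checked, int *steps)
{
	for (*steps = 0; *p; ++*steps) {
		struct node *en = *p;
		if (*steps == SPIN_CAP)
			return NULL;
		if (ei->fofs < en->ei.fofs) {
			p = &en->left;
		} else if (ei->fofs >= en->ei.fofs + en->ei.len) {
			p = &en->right;
		} else if (checked) {
			fprintf(stderr, "bad extent: fofs %u inside [%u, %u)\n",
				ei->fofs, en->ei.fofs, en->ei.fofs + en->ei.len);
			return NULL;
		} /* else: p is unchanged, so the same node is visited again */
	}
	return p;
}

/* Constructed sample: tree holds [0,8) and [16,24); fofs 20 is inside the second. */
static struct node b = {{16, 8}, 0, 0}, a = {{0, 8}, 0, &b};

/* Steps taken while placing an extent at fofs; SPIN_CAP means no termination. */
static int demo_steps(unsigned fofs, int checked)
{
	struct ext ei = { fofs, 4 };
	struct node *root = &a;
	int steps;
	find_slot(&root, &ei, checked, &steps);
	return steps;
}

int main(void)
{
	printf("valid key: %d steps, overlap unchecked: %d, overlap checked: %d\n",
	       demo_steps(8, 0), demo_steps(20, 0), demo_steps(20, 1));
	return 0;
}
```

In the model, a non-overlapping key reaches an empty slot in two steps either way; only the overlapping key separates the two behaviours, which is why the hang needs malformed extent data to appear.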
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (4)
765f8816d395, c0b9951bb266, f4c31adcb2a0, 23361bd54966
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.