cve 2025 40167

CVE-2025-40167 is a Linux kernel vulnerability in the ext4 filesystem, discovered by syzbot, where a malformed inode can set both INLINE_DATA and EXTENTS flags simultaneously. This condition bypasses extent-tree validation and triggers a BUG_ON in ext4_es_cache_extent, potentially causing a system crash. A hardening patch has been merged upstream to reject such conflicting flag combinations. While this is a Linux-specific issue, Windows users running virtual machines or WSL environments that rely on ext4 should be aware of the fix. The tag covers the vulnerability details, the upstream patch, and implications for systems using ext4.