cve 2025 40190

CVE-2025-40190 is a Linux kernel vulnerability affecting the ext4 filesystem's handling of extended-attribute (EA) inodes. The bug could cause an EA inode reference count underflow during xattr updates, leading to filesystem errors, orphan inode churn, and potential denial-of-service conditions. A defensive fix was merged into the Linux kernel in November to close this issue. While the vulnerability is Linux-specific, Windows users running virtual machines or WSL instances that rely on ext4 filesystems may be indirectly affected. The tag covers the technical details of the flaw, the kernel patch, and implications for system stability.