cve 2025 40333
About this tag
CVE-2025-40333 is a Linux kernel vulnerability in the F2FS (Flash-Friendly File System) driver that can cause an infinite loop in the __insert_extent_tree function when processing malformed extent metadata. This denial-of-service (availability) flaw affects kernels with F2FS support enabled. The upstream fix introduces early failure and returns NULL with a kernel message instead of allowing a corrupted extent lookup to loop indefinitely. Distributions and downstream vendors are applying targeted patches to stable branches and packages. While this is a Linux-specific CVE, Windows users and IT professionals monitoring cross-platform security should be aware of the fix for systems running Linux alongside Windows or in mixed environments.
The Linux kernel's F2FS driver has a newly assigned CVE — CVE-2025-40333 — describing an edge-case bug that can put the filesystem into an infinite loop inside __insert_extent_tree when presented with malformed extent metadata. The upstream maintainers fixed the logic by failing early and...