cve 2025 40333

About this tag
CVE-2025-40333 is a Linux kernel vulnerability in the F2FS (Flash-Friendly File System) driver that can cause an infinite loop in the __insert_extent_tree function when processing malformed extent metadata. This denial-of-service (availability) flaw affects kernels with F2FS support enabled. The upstream fix fails early, returning NULL and logging a kernel message, instead of allowing a corrupted extent lookup to loop indefinitely. Distributions and downstream vendors are applying targeted patches to stable branches and packages. While this is a Linux-specific CVE, Windows users and IT professionals monitoring cross-platform security should be aware of the fix for systems running Linux alongside Windows or in mixed environments.
  1. CVE-2025-40333: Linux F2FS Infinite Loop Bug Fixed via Safe Return

    The Linux kernel's F2FS driver has a newly assigned CVE — CVE-2025-40333 — describing an edge-case bug that can put the filesystem into an infinite loop inside __insert_extent_tree when presented with malformed extent metadata. The upstream maintainers fixed the logic by failing early and...