SB20251216143 - Improper locking in Linux kernel ext4
Published: December 16, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-40361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_xattr_inode_cache_find() function in fs/ext4/xattr.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/009127b0fc013aed193961686c28c2b541a5b2f3
- https://git.kernel.org/stable/c/1534f72dc2a11ded38b0e0268fbcc0ca24e9fd4a
- https://git.kernel.org/stable/c/199ab7b43c5ef7d384f6a08e786e107b3509acda
- https://git.kernel.org/stable/c/238f7a7356c33a9797a6297c6fdfd87f113b2325
- https://git.kernel.org/stable/c/5e6b27f4e68682aa3db9f83ca04adef89903159b
- https://git.kernel.org/stable/c/add8458cac0b33a5e7a6b98457b38baea9600859
- https://git.kernel.org/stable/c/bb7d0d13c6e1f061464d1c425b08348a4e0c235d