Description

In the Linux kernel, the following vulnerability has been resolved: exfat: validate cluster allocation bits of the allocation bitmap syzbot created an exfat image with cluster bits not set for the allocation bitmap. exfat-fs reads and uses the allocation bitmap without checking this. The problem is that if the start cluster of the allocation bitmap is 6, cluster 6 can be allocated when creating a directory with mkdir. exfat zeros out this cluster in exfat_mkdir, which can delete existing entries. This can reallocate the allocated entries. In addition, the allocation bitmap is also zeroed out, so cluster 6 can be reallocated. This patch adds exfat_test_bitmap_range to validate that clusters used for the allocation bitmap are correctly marked as in-use.

INFO

Published Date :

2025-12-08T00:46:32.659Z

Last Modified :

2025-12-20T08:51:58.576Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40307 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40307.

URL Resource
https://git.kernel.org/stable/c/13c1d24803d5b0446b3f6f0fdd67e07ac1fdc7bf cve-icon cve-icon
https://git.kernel.org/stable/c/6bc58b4c53795ab5fe00648344aa7d9d61175f90 cve-icon cve-icon
https://git.kernel.org/stable/c/79c1587b6cda74deb0c86fc7ba194b92958c793c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025120820-CVE-2025-40307-40f1@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40307 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40307 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact