#VU120099 Improper locking in Linux kernel - CVE-2025-40361
Published: December 16, 2025
Vulnerability identifier: #VU120099
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40361
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_xattr_inode_cache_find() function in fs/ext4/xattr.c.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/009127b0fc013aed193961686c28c2b541a5b2f3
- https://git.kernel.org/stable/c/1534f72dc2a11ded38b0e0268fbcc0ca24e9fd4a
- https://git.kernel.org/stable/c/199ab7b43c5ef7d384f6a08e786e107b3509acda
- https://git.kernel.org/stable/c/238f7a7356c33a9797a6297c6fdfd87f113b2325
- https://git.kernel.org/stable/c/5e6b27f4e68682aa3db9f83ca04adef89903159b
- https://git.kernel.org/stable/c/add8458cac0b33a5e7a6b98457b38baea9600859
- https://git.kernel.org/stable/c/bb7d0d13c6e1f061464d1c425b08348a4e0c235d