CVE-2025-40190

In the Linux kernel, the following vulnerability has been resolved:

ext4: guard against EA inode refcount underflow in xattr update

syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1). That lets the refcount underflow and we proceed with a bogus value, triggering errors like:

    EXT4-fs error: EA inode <n> ref underflow: ref_count=-1 ref_change=-1
    EXT4-fs warning: ea_inode dec ref err=-117

Make the invariant explicit: if the current refcount is non-positive, treat this as on-disk corruption, emit ext4_error_inode(), and fail the operation with -EFSCORRUPTED instead of updating the refcount.

Delete the WARN_ONCE() as negative refcounts are now impossible; keep error reporting in ext4_error_inode().

This prevents the underflow and the follow-on orphan/cleanup churn.

Package Linux Kernel
Published 2025-11-12
Last modified 2026-04-15
Patch available Yes

Affected versions

Fixed in 5.4.301, 5.10.246, 5.15.195, 6.1.157, 6.6.113, 6.12.54, 6.17.4, 6.18 and their respective stable series.

Fixed in
✓ 5.4.301 (5.4.x)
✓ 5.10.246 (5.10.x)
✓ 5.15.195 (5.15.x)
✓ 6.1.157 (6.1.x)
✓ 6.6.113 (6.6.x)
✓ 6.12.54 (6.12.x)
✓ 6.17.4 (6.17.x)
✓ 6.18
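A triage helper built from the fixed-version list and the log messages quoted in the description, added here as an example (it is not code from the kernel project or from this advisory's sources). The function names, status strings and sample log lines are constructed for illustration; distribution kernels can carry the fix as a backport under an older version number, so `needs-update` means "check the vendor changelog", not proof of exposure.

```python
import re

# Fixed release per stable series, copied from this page's "Fixed in" list.
FIXED = {(5, 4): 301, (5, 10): 246, (5, 15): 195, (6, 1): 157,
         (6, 6): 113, (6, 12): 54, (6, 17): 4}
MAINLINE_FIXED = (6, 18)  # 6.18 and later series carry the fix

# Message shapes quoted in the CVE description.
SIGNATURES = [
    re.compile(r"EXT4-fs error.*EA inode (\d+) ref underflow: "
               r"ref_count=(-?\d+) ref_change=(-?\d+)"),
    re.compile(r"EXT4-fs warning.*ea_inode dec ref err=(-?\d+)"),
]

def kernel_status(release):
    """Classify a `uname -r` style string against the upstream fix list."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return "unparsed"
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if (major, minor) == MAINLINE_FIXED and "-rc" in release:
        return "unknown"  # pre-release of 6.18: the page does not say
    if (major, minor) >= MAINLINE_FIXED:
        return "fixed"
    if (major, minor) in FIXED:
        return "fixed" if patch >= FIXED[(major, minor)] else "needs-update"
    return "unknown"  # the page lists no fixed release for this series

def find_signatures(lines):
    """Return (line_number, text) for log lines matching the quoted errors."""
    return [(n, line.strip()) for n, line in enumerate(lines, 1)
            if any(sig.search(line) for sig in SIGNATURES)]

# Constructed sample log (device name and timestamps are made up).
SAMPLE_LOG = [
    "[  101.2] EXT4-fs (sda1): mounted filesystem with ordered data mode",
    "[  412.7] EXT4-fs error (device sda1): EA inode 27 ref underflow: "
    "ref_count=-1 ref_change=-1",
    "[  412.7] EXT4-fs warning (device sda1): ea_inode dec ref err=-117",
]

if __name__ == "__main__":
    for rel in ("5.15.194-generic", "6.6.113", "6.14.2", "6.18.2"):
        print(rel, kernel_status(rel))
    for n, text in find_signatures(SAMPLE_LOG):
        print(n, text)
```

Feed `kernel_status` the output of `uname -r` and `find_signatures` the lines of the kernel log; a signature hit points at on-disk corruption of an EA inode refcount and warrants an offline filesystem check.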

References

The following references provide additional information about CVE-2025-40190 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2025-40190?

    CVE-2025-40190 is an unscored-severity Linux kernel vulnerability. CVE-2025-40190 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2025-40190?

    Yes — CVE-2025-40190 has been patched. Fixed versions include 5.4.301, 5.10.246, 5.15.195 and others.

  • Is CVE-2025-40190 actively exploited?

    No — CVE-2025-40190 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.