CVE-2025-40205

In the Linux kernel, the following vulnerability has been resolved:

btrfs: avoid potential out-of-bounds in btrfs_encode_fh()

The function btrfs_encode_fh() does not properly account for the three cases it handles. Before writing to the file handle (fh), the function only checks for, and reports back to the caller, BTRFS_FID_SIZE_NON_CONNECTABLE (5 dwords, 20 bytes) or BTRFS_FID_SIZE_CONNECTABLE (8 dwords, 32 bytes). However, when a parent exists and the root ID of the parent and the inode are different, the function writes BTRFS_FID_SIZE_CONNECTABLE_ROOT (10 dwords, 40 bytes). If *max_len is not large enough, this write goes out of bounds, because BTRFS_FID_SIZE_CONNECTABLE_ROOT is greater than the BTRFS_FID_SIZE_CONNECTABLE originally returned. This results in an 8-byte out-of-bounds write at fid->parent_root_objectid = parent_root_id.

A previous attempt to fix this issue was made but was lost: https://lore.kernel.org/all/[email protected]/

Although this issue does not seem to be easily triggerable, it is a potential memory corruption bug that should be fixed. This patch resolves the issue by ensuring the function returns the appropriate size for all three cases and validates that *max_len is large enough before writing any data.
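The three-case size check described above, as an added user-space model (not the kernel's own code): the struct layout and the inode stand-in are constructed to reproduce the 20/32/40-byte sizes named in the advisory, the FILEID_* values are assumed to mirror the kernel's exportfs conventions, and a sentinel-filled buffer confirms that a caller offering only BTRFS_FID_SIZE_CONNECTABLE dwords for a cross-root parent gets FILEID_INVALID instead of an 8-byte overrun.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* File handle sizes in 32-bit dwords, as named in the advisory. */
enum { BTRFS_FID_SIZE_NON_CONNECTABLE = 5, BTRFS_FID_SIZE_CONNECTABLE = 8,
       BTRFS_FID_SIZE_CONNECTABLE_ROOT = 10 };
/* Handle types mirroring the kernel's exportfs conventions (values assumed here). */
enum { FILEID_BTRFS_WITHOUT_PARENT = 0x4d, FILEID_BTRFS_WITH_PARENT = 0x4e,
       FILEID_BTRFS_WITH_PARENT_ROOT = 0x4f, FILEID_INVALID = 0xff };
/* Constructed stand-in for struct btrfs_fid: 20, 32 or 40 bytes depending on case. */
struct fid_model {
    uint64_t objectid, root_objectid; uint32_t gen;        /* 20 bytes: non-connectable   */
    uint64_t parent_objectid; uint32_t parent_gen;         /* 32 bytes: connectable       */
    uint64_t parent_root_objectid;                         /* 40 bytes: connectable + root */
} __attribute__((packed));
struct inode_model { uint64_t ino, root_id; uint32_t gen; };  /* constructed, not kernel */
/* Hardened encoder: the required size is decided for all three cases before any write. */
int encode_fh_fixed(const struct inode_model *inode, uint32_t *fh, int *max_len,
                    const struct inode_model *parent)
{
    struct fid_model *fid = (struct fid_model *)fh;
    bool cross_root = parent && parent->root_id != inode->root_id;
    int len  = !parent ? BTRFS_FID_SIZE_NON_CONNECTABLE
             : cross_root ? BTRFS_FID_SIZE_CONNECTABLE_ROOT : BTRFS_FID_SIZE_CONNECTABLE;
    int type = !parent ? FILEID_BTRFS_WITHOUT_PARENT
             : cross_root ? FILEID_BTRFS_WITH_PARENT_ROOT : FILEID_BTRFS_WITH_PARENT;
    /* The check the original lacked for the ROOT case: refuse and report the needed size. */
    if (*max_len < len) { *max_len = len; return FILEID_INVALID; }
    fid->objectid = inode->ino; fid->root_objectid = inode->root_id; fid->gen = inode->gen;
    if (parent) {
        fid->parent_objectid = parent->ino; fid->parent_gen = parent->gen;
        if (cross_root) fid->parent_root_objectid = parent->root_id;  /* the 8-byte write */
    }
    *max_len = len;
    return type;
}
/* Scenario driver: offer `offered` dwords of a larger sentinel-filled buffer and return
 * the handle type, or -1 if any dword beyond the offered length was modified. */
int last_max_len;
int run_scenario(int offered, bool cross_root)
{
    struct inode_model inode = { 257, 5, 1 }, parent = { 256, cross_root ? 7 : 5, 1 };
    uint32_t buf[BTRFS_FID_SIZE_CONNECTABLE_ROOT + 4];
    memset(buf, 0xA5, sizeof(buf)); last_max_len = offered;
    int type = encode_fh_fixed(&inode, buf, &last_max_len, &parent);
    for (int i = offered; i < (int)(sizeof(buf) / sizeof(buf[0])); i++)
        if (buf[i] != 0xA5A5A5A5u) return -1;   /* out-of-bounds write detected */
    return type;
}
```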

Package Linux Kernel
Published 2025-11-12
Last modified 2026-04-15
Patch available
Yes

Affected versions

Linux kernel versions 2.6.29 and later are affected. Fixed in 5.4.301, 5.10.246, 5.15.195, 6.1.157, 6.6.113, 6.12.54, 6.17.4, 6.18 and their respective stable series.

Affected from
≥ 2.6.29
Fixed in
5.4.301 (5.4.x), 5.10.246 (5.10.x), 5.15.195 (5.15.x), 6.1.157 (6.1.x), 6.6.113 (6.6.x), 6.12.54 (6.12.x), 6.17.4 (6.17.x), 6.18


Frequently asked questions

  • What is CVE-2025-40205?

    CVE-2025-40205 is a Linux kernel vulnerability that has not been assigned a severity score. It affects Linux kernel versions from 2.6.29 onward and has been patched in 5.4.301, 5.10.246, 5.15.195 and others. CVE-2025-40205 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2025-40205?

    Yes — CVE-2025-40205 has been patched. Fixed versions include 5.4.301, 5.10.246, 5.15.195 and others. If you are running Linux kernel 2.6.29 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2025-40205 actively exploited?

    No — CVE-2025-40205 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.