What is CVE-2025-40287?

CVE-2025-40287 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.8 onward and patched in 6.12.59, 6.17.9 and 6.18. CVE-2025-40287 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40287?

CVE-2025-40287 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40287?

Yes, CVE-2025-40287 has been patched. Fixed versions include 6.12.59, 6.17.9 and 6.18. If you are running Linux kernel 6.8 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40287 actively exploited?

CVE-2025-40287 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40287

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.

Package Linux Kernel

Published 2025-12-06

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.8 and later are affected. Fixed in 6.12.59, 6.17.9, 6.18 and their respective stable series.

Affected from

≥ 6.8

Fixed in

✓ 6.12.59 6.12.x ✓ 6.17.9 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40287 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/204b1b02ee018ba52ad2ece21fe3a8643d66a1b2
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad
Patch
Kernel patch commit
https://git.kernel.org/stable/c/82ebecdc74ff555daf70b811d854b1f32a296bea
Patch

Frequently asked questions

What is CVE-2025-40287?

CVE-2025-40287 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.8 onward and has been patched in 6.12.59, 6.17.9 and 6.18. CVE-2025-40287 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40287?

Yes — CVE-2025-40287 has been patched. Fixed versions include 6.12.59, 6.17.9 and 6.18. If you are running Linux kernel 6.8 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40287 actively exploited?

No — CVE-2025-40287 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.