AZL-70091

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70091.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-70091

Upstream

CVE-2025-40190

Published

2025-11-12T22:15:45Z

Modified

2026-04-01T05:21:41.505914Z

Summary

CVE-2025-40190 affecting package kernel for versions less than 6.6.117.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: guard against EA inode refcount underflow in xattr update

syzkaller found a path where ext4xattrinodeupdateref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1). That lets the refcount underflow and we proceed with a bogus value, triggering errors like:

EXT4-fs error: EA inode <n> ref underflow: refcount=-1 refchange=-1 EXT4-fs warning: ea_inode dec ref err=-117

Make the invariant explicit: if the current refcount is non-positive, treat this as on-disk corruption, emit ext4errorinode(), and fail the operation with -EFSCORRUPTED instead of updating the refcount. Delete the WARNONCE() as negative refcounts are now impossible; keep error reporting in ext4error_inode().

This prevents the underflow and the follow-on orphan/cleanup churn.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40190

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.117.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70091.json"