CVE-2025-40313

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-40313
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40313.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40313
Downstream
Related
Published
2025-12-08T00:46:39.444Z
Modified
2026-03-20T12:43:15.754426Z
Summary
ntfs3: pretend $Extend records as regular files
Details

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: pretend $Extend records as regular files

Since commit af153bb63a33 ("vfs: catch invalid modes in mayopen()") requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use S_IFREG for $Extend records.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40313.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
Fixed
63eb6730ce0604d3eacf036c2f68ea70b068317c
Fixed
78d46f5276ed3589aaaa435580068c5b62efc921
Fixed
17249b2a65274f73ed68bcd1604e08a60fd8a278
Fixed
37f65e68ba9852dc51c78dbb54a9881c3f0fe4f7
Fixed
57534db1bbc4ca772393bb7d92e69d5e7b9051cf
Fixed
4e8011ffec79717e5fdac43a7e79faf811a384b7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40313.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.197
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.159
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.117
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.58
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40313.json"