[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-40246":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":39,"related":40,"reserved_at":9,"published_at":45,"modified_at":46,"state":47,"summary":48,"references_raw":52,"kevs":67,"epss":68,"epss_history":71,"metrics":340,"affected":341},"CVE-2025-40246","In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix out of bounds memory read error in symlink repair\n\nxfs/286 produced this report on my test fleet:\n\n ==================================================================\n BUG: KFENCE: out-of-bounds read in memcpy_orig+0x54/0x110\n\n Out-of-bounds read at 0xffff88843fe9e038 (184B right of kfence-#184):\n  memcpy_orig+0x54/0x110\n  xrep_symlink_salvage_inline+0xb3/0xf0 [xfs]\n  xrep_symlink_salvage+0x100/0x110 [xfs]\n  xrep_symlink+0x2e/0x80 [xfs]\n  xrep_attempt+0x61/0x1f0 [xfs]\n  xfs_scrub_metadata+0x34f/0x5c0 [xfs]\n  xfs_ioc_scrubv_metadata+0x387/0x560 [xfs]\n  xfs_file_ioctl+0xe23/0x10e0 [xfs]\n  __x64_sys_ioctl+0x76/0xc0\n  do_syscall_64+0x4e/0x1e0\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n kfence-#184: 0xffff88843fe9df80-0xffff88843fe9dfea, size=107, cache=kmalloc-128\n\n allocated by task 3470 on cpu 1 at 263329.131592s (192823.508886s ago):\n  xfs_init_local_fork+0x79/0xe0 [xfs]\n  xfs_iformat_local+0xa4/0x170 [xfs]\n  xfs_iformat_data_fork+0x148/0x180 [xfs]\n  xfs_inode_from_disk+0x2cd/0x480 [xfs]\n  xfs_iget+0x450/0xd60 [xfs]\n  xfs_bulkstat_one_int+0x6b/0x510 [xfs]\n  xfs_bulkstat_iwalk+0x1e/0x30 [xfs]\n  xfs_iwalk_ag_recs+0xdf/0x150 [xfs]\n  xfs_iwalk_run_callbacks+0xb9/0x190 [xfs]\n  xfs_iwalk_ag+0x1dc/0x2f0 [xfs]\n  xfs_iwalk_args.constprop.0+0x6a/0x120 [xfs]\n  xfs_iwalk+0xa4/0xd0 [xfs]\n  xfs_bulkstat+0xfa/0x170 [xfs]\n  xfs_ioc_fsbulkstat.isra.0+0x13a/0x230 [xfs]\n  xfs_file_ioctl+0xbf2/0x10e0 [xfs]\n  __x64_sys_ioctl+0x76/0xc0\n  do_syscall_64+0x4e/0x1e0\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n CPU: 1 UID: 0 PID: 1300113 Comm: xfs_scrub Not tainted 6.18.0-rc4-djwx #rc4 PREEMPT(lazy)  3d744dd94e92690f00a04398d2bd8631dcef1954\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-4.module+el8.8.0+21164+ed375313 04/01/2014\n ==================================================================\n\nOn further analysis, I realized that the second parameter to min() is\nnot correct.  xfs_ifork::if_bytes is the size of the xfs_ifork::if_data\nbuffer.  if_bytes can be smaller than the data fork size because:\n\n(a) the forkoff code tries to keep the data area as large as possible\n(b) for symbolic links, if_bytes is the ondisk file size + 1\n(c) forkoff is always a multiple of 8.\n\nCase in point: for a single-byte symlink target, forkoff will be\n8 but the buffer will only be 2 bytes long.\n\nIn other words, the logic here is wrong and we walk off the end of the\nincore buffer.  Fix that.",null,[],[],[],[],[15,17,19,21,23,25,27,29,31,33,35,37],{"_key":16},"SUSE-SU-2026:20207-1",{"_key":18},"SUSE-SU-2026:20220-1",{"_key":20},"SUSE-SU-2026:20228-1",{"_key":22},"OPENSUSE-SU-2026:20145-1",{"_key":24},"DEBIAN-CVE-2025-40246",{"_key":26},"UBUNTU-CVE-2025-40246",{"_key":28},"USN-8094-1",{"_key":30},"USN-8094-2",{"_key":32},"USN-8094-3",{"_key":34},"USN-8094-4",{"_key":36},"USN-8094-5",{"_key":38},"USN-8152-1",[],[41,42,43,44],{"_key":16},{"_key":18},{"_key":20},{"_key":22},"2025-12-04T16:08:09.751Z","2026-05-11T21:45:37.260Z","Deferred",{"cisa_kev":49,"cisa_ransomware":49,"cisa_vendor":9,"epss_severity":50,"epss_score":51,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":47},false,"low",0.00023,[53,59,63],{"url":54,"sources":55,"tags":58},"https://git.kernel.org/stable/c/7c2d68e091584149fe89bcbaf9b99b3162d46ee7",[56,57],"cve.org","nvd",[],{"url":60,"sources":61,"tags":62},"https://git.kernel.org/stable/c/81a8685cac4bf081c93a7df591644f4f80240bb9",[56,57],[],{"url":64,"sources":65,"tags":66},"https://git.kernel.org/stable/c/678e1cc2f482e0985a0613ab4a5bf89c497e5acc",[56,57],[],[],{"date":69,"score":51,"percentile":70},"2026-06-04",0.0685,[72,76,79,82,85,88,92,95,98,101,104,107,110,113,116,119,122,125,128,131,134,137,140,143,145,148,150,153,156,159,162,165,169,171,174,177,179,182,185,188,191,194,197,200,203,205,208,211,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,275,278,281,284,287,290,293,296,299,302,305,308,310,313,316,319,322,325,328,331,334,337],{"date":73,"score":74,"percentile":75},"2025-12-05",0.00017,0.03047,{"date":77,"score":74,"percentile":78},"2025-12-06",0.03065,{"date":80,"score":74,"percentile":81},"2025-12-07",0.0307,{"date":83,"score":74,"percentile":84},"2025-12-08",0.03072,{"date":86,"score":74,"percentile":87},"2025-12-09",0.031,{"date":89,"score":90,"percentile":91},"2025-12-10",0.00022,0.05104,{"date":93,"score":90,"percentile":94},"2025-12-11",0.05088,{"date":96,"score":90,"percentile":97},"2025-12-12",0.05106,{"date":99,"score":90,"percentile":100},"2025-12-13",0.05148,{"date":102,"score":90,"percentile":103},"2025-12-14",0.05142,{"date":105,"score":90,"percentile":106},"2025-12-15",0.0511,{"date":108,"score":90,"percentile":109},"2025-12-16",0.05108,{"date":111,"score":90,"percentile":112},"2025-12-17",0.05169,{"date":114,"score":90,"percentile":115},"2025-12-18",0.05208,{"date":117,"score":90,"percentile":118},"2025-12-19",0.05186,{"date":120,"score":90,"percentile":121},"2025-12-20",0.05185,{"date":123,"score":90,"percentile":124},"2025-12-21",0.05193,{"date":126,"score":90,"percentile":127},"2025-12-22",0.05135,{"date":129,"score":90,"percentile":130},"2025-12-23",0.05141,{"date":132,"score":90,"percentile":133},"2025-12-24",0.0516,{"date":135,"score":90,"percentile":136},"2025-12-25",0.05194,{"date":138,"score":90,"percentile":139},"2025-12-26",0.05196,{"date":141,"score":90,"percentile":142},"2025-12-27",0.05202,{"date":144,"score":90,"percentile":118},"2025-12-28",{"date":146,"score":90,"percentile":147},"2025-12-29",0.05181,{"date":149,"score":90,"percentile":130},"2025-12-30",{"date":151,"score":90,"percentile":152},"2025-12-31",0.05172,{"date":154,"score":90,"percentile":155},"2026-01-01",0.05246,{"date":157,"score":90,"percentile":158},"2026-01-02",0.0524,{"date":160,"score":90,"percentile":161},"2026-01-03",0.05222,{"date":163,"score":90,"percentile":164},"2026-01-04",0.05124,{"date":166,"score":167,"percentile":168},"2026-01-05",0.00024,0.05699,{"date":170,"score":167,"percentile":168},"2026-01-06",{"date":172,"score":167,"percentile":173},"2026-01-07",0.05722,{"date":175,"score":167,"percentile":176},"2026-01-08",0.05788,{"date":178,"score":167,"percentile":176},"2026-01-09",{"date":180,"score":167,"percentile":181},"2026-01-10",0.05796,{"date":183,"score":167,"percentile":184},"2026-01-11",0.05778,{"date":186,"score":167,"percentile":187},"2026-01-12",0.05762,{"date":189,"score":167,"percentile":190},"2026-01-13",0.0575,{"date":192,"score":167,"percentile":193},"2026-01-14",0.05793,{"date":195,"score":167,"percentile":196},"2026-01-15",0.05786,{"date":198,"score":167,"percentile":199},"2026-01-16",0.0579,{"date":201,"score":167,"percentile":202},"2026-01-17",0.05802,{"date":204,"score":167,"percentile":193},"2026-01-18",{"date":206,"score":167,"percentile":207},"2026-01-19",0.05767,{"date":209,"score":167,"percentile":210},"2026-01-20",0.05723,{"date":212,"score":167,"percentile":213},"2026-01-21",0.05725,{"date":215,"score":167,"percentile":216},"2026-01-22",0.05709,{"date":218,"score":167,"percentile":219},"2026-01-23",0.05768,{"date":221,"score":167,"percentile":222},"2026-01-24",0.05815,{"date":224,"score":167,"percentile":225},"2026-01-25",0.05763,{"date":227,"score":167,"percentile":228},"2026-01-26",0.05745,{"date":230,"score":167,"percentile":231},"2026-01-27",0.05724,{"date":233,"score":167,"percentile":234},"2026-01-28",0.05707,{"date":236,"score":167,"percentile":237},"2026-01-29",0.0572,{"date":239,"score":167,"percentile":240},"2026-01-30",0.05719,{"date":242,"score":167,"percentile":243},"2026-01-31",0.05697,{"date":245,"score":167,"percentile":246},"2026-02-01",0.05764,{"date":248,"score":167,"percentile":249},"2026-02-02",0.05748,{"date":251,"score":167,"percentile":252},"2026-02-03",0.05758,{"date":254,"score":167,"percentile":255},"2026-02-04",0.05771,{"date":257,"score":167,"percentile":258},"2026-02-05",0.05828,{"date":260,"score":167,"percentile":261},"2026-02-06",0.05852,{"date":263,"score":167,"percentile":264},"2026-02-07",0.05861,{"date":266,"score":167,"percentile":267},"2026-02-08",0.05855,{"date":269,"score":167,"percentile":270},"2026-02-09",0.05826,{"date":272,"score":273,"percentile":274},"2026-02-10",0.00025,0.06233,{"date":276,"score":273,"percentile":277},"2026-02-11",0.06282,{"date":279,"score":273,"percentile":280},"2026-02-12",0.06314,{"date":282,"score":273,"percentile":283},"2026-02-13",0.06307,{"date":285,"score":273,"percentile":286},"2026-02-14",0.06289,{"date":288,"score":273,"percentile":289},"2026-02-15",0.0631,{"date":291,"score":273,"percentile":292},"2026-02-16",0.06297,{"date":294,"score":273,"percentile":295},"2026-02-17",0.06271,{"date":297,"score":273,"percentile":298},"2026-02-18",0.066,{"date":300,"score":273,"percentile":301},"2026-02-19",0.0669,{"date":303,"score":273,"percentile":304},"2026-02-20",0.06678,{"date":306,"score":273,"percentile":307},"2026-02-21",0.06691,{"date":309,"score":273,"percentile":301},"2026-02-22",{"date":311,"score":273,"percentile":312},"2026-02-23",0.06701,{"date":314,"score":273,"percentile":315},"2026-02-24",0.06685,{"date":317,"score":273,"percentile":318},"2026-02-25",0.06622,{"date":320,"score":273,"percentile":321},"2026-02-26",0.06563,{"date":323,"score":273,"percentile":324},"2026-02-27",0.06583,{"date":326,"score":273,"percentile":327},"2026-02-28",0.06587,{"date":329,"score":273,"percentile":330},"2026-03-01",0.0664,{"date":332,"score":273,"percentile":333},"2026-03-02",0.06574,{"date":335,"score":273,"percentile":336},"2026-03-03",0.06582,{"date":338,"score":273,"percentile":339},"2026-03-04",0.06508,[],[342],{"ecosystem":9,"name":343,"vendor":344,"product":344,"cpe_part":345,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":346},"Linux","linux","a",[347,354,357,360],{"version":348,"is_range":349,"range_type":56,"version_start":350,"version_start_type":351,"version_end":352,"version_end_type":353,"fixed_in":9},">= 2651923d8d8db00a57665822f017fa7c76758044, \u003C 7c2d68e091584149fe89bcbaf9b99b3162d46ee7",true,"2651923d8d8db00a57665822f017fa7c76758044","including","7c2d68e091584149fe89bcbaf9b99b3162d46ee7","excluding",{"version":355,"is_range":349,"range_type":56,"version_start":350,"version_start_type":351,"version_end":356,"version_end_type":353,"fixed_in":9},">= 2651923d8d8db00a57665822f017fa7c76758044, \u003C 81a8685cac4bf081c93a7df591644f4f80240bb9","81a8685cac4bf081c93a7df591644f4f80240bb9",{"version":358,"is_range":349,"range_type":56,"version_start":350,"version_start_type":351,"version_end":359,"version_end_type":353,"fixed_in":9},">= 2651923d8d8db00a57665822f017fa7c76758044, \u003C 678e1cc2f482e0985a0613ab4a5bf89c497e5acc","678e1cc2f482e0985a0613ab4a5bf89c497e5acc",{"version":361,"is_range":49,"range_type":56,"version_start":361,"version_start_type":351,"version_end":361,"version_end_type":351,"fixed_in":9},"6.10"]