PT-2026-43913

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A refcount leak occurs in the ext4 filesystem when block csum is false. This happens because the function ext4 xattr inode dec ref all calls ext4 get inode loc to obtain iloc.bh but fail...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Mitigated the risk of underflow of the EA inode refcount during xattr updates. Syzkaller identified a path in ext4xattrinodeupdateref where the refcount of EA inodes is checked, and if it is already ref underflow:...

SUSE CVE-2025-40190

In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4xattrinodeupdateref reads an EA inode refcount that is already ref underflow: refcount=-1 refchange=-1 EXT4-fs warning: eainode dec...

EUVD-2025-150384

In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4xattrinodeupdateref reads an EA inode refcount that is already ref underflow: refcount=-1 refchange=-1 EXT4-fs warning: eainode dec...

DEBIAN-CVE-2025-40190

In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4xattrinodeupdateref reads an EA inode refcount that is already ref underflow: refcount=-1 refchange=-1 EXT4-fs warning: eainode dec...

CVE-2025-40190

The CVE-2025-40190 entry concerns the Linux kernel ext4: guard against EA inode refcount underflow in xattr update. The root cause was a path where ext4_xattr_inode_update_ref() could read an EA inode refcount already