Vulnerability-Lookup

BDU:2026-01340

Vulnerability from fstec - Published: 31.08.2025

Title

Уязвимость функции hfsplus_iget() модуля fs/hfsplus/super.c поддержки расширенной файловой системы Apple HFS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции hfsplus_iget() модуля fs/hfsplus/super.c поддержки расширенной файловой системы Apple HFS ядра операционной системы Linux связана с неправильным отключением или освобождением ресурса. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения

Software Name

Debian GNU/Linux, Linux

Software Version

11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 13 (Debian GNU/Linux), от 5.16 до 6.1.157 включительно (Linux), от 6.13 до 6.17.5 включительно (Linux), от 5.5 до 5.10.245 включительно (Linux), от 5.11 до 5.15.195 включительно (Linux), от 6.2 до 6.6.114 включительно (Linux), от 6.7 до 6.12.55 включительно (Linux), от 3.14 до 5.4.300 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40351-55f8@gregkh/ https://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885 https://git.kernel.org/stable/c/b07630afe1671096dc64064190cae3b6165cf6e4 https://git.kernel.org/stable/c/9df3c241fbf69edce968b20eeeeb3f6da34af041 https://git.kernel.org/stable/c/1b9e5ade272f8be6421c9eea4c4f6810180017f9 https://git.kernel.org/stable/c/2bb8bc99b1a7a46d83f95c46f530305f6df84eaf https://git.kernel.org/stable/c/295527bfdefd5bf31ec8218e2891a65777141d05 https://git.kernel.org/stable/c/4891bf2b09c313622a6e07d7f108aa5e123c768d https://git.kernel.org/linus/9b3d15a758910bb98ba8feb4109d99cc67450ee4 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.301 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.246 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.196 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.158 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.115 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.17.6 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2025-40351

Reference

https://www.cve.org/CVERecord?id=CVE-2025-40351 https://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885 https://git.kernel.org/stable/c/b07630afe1671096dc64064190cae3b6165cf6e4 https://git.kernel.org/stable/c/9df3c241fbf69edce968b20eeeeb3f6da34af041 https://git.kernel.org/stable/c/1b9e5ade272f8be6421c9eea4c4f6810180017f9 https://git.kernel.org/stable/c/2bb8bc99b1a7a46d83f95c46f530305f6df84eaf https://git.kernel.org/stable/c/295527bfdefd5bf31ec8218e2891a65777141d05 https://git.kernel.org/stable/c/4891bf2b09c313622a6e07d7f108aa5e123c768d https://git.kernel.org/linus/9b3d15a758910bb98ba8feb4109d99cc67450ee4 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.301 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.246 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.196 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.158 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.115 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.17.6 https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40351-55f8@gregkh/ https://security-tracker.debian.org/tracker/CVE-2025-40351

CWE

CWE-404

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 13 (Debian GNU/Linux), \u043e\u0442 5.16 \u0434\u043e 6.1.157 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.13 \u0434\u043e 6.17.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.245 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.195 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.2 \u0434\u043e 6.6.114 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.7 \u0434\u043e 6.12.55 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 3.14 \u0434\u043e 5.4.300 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40351-55f8@gregkh/\nhttps://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885\nhttps://git.kernel.org/stable/c/b07630afe1671096dc64064190cae3b6165cf6e4\nhttps://git.kernel.org/stable/c/9df3c241fbf69edce968b20eeeeb3f6da34af041\nhttps://git.kernel.org/stable/c/1b9e5ade272f8be6421c9eea4c4f6810180017f9\nhttps://git.kernel.org/stable/c/2bb8bc99b1a7a46d83f95c46f530305f6df84eaf\nhttps://git.kernel.org/stable/c/295527bfdefd5bf31ec8218e2891a65777141d05\nhttps://git.kernel.org/stable/c/4891bf2b09c313622a6e07d7f108aa5e123c768d\nhttps://git.kernel.org/linus/9b3d15a758910bb98ba8feb4109d99cc67450ee4\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.301\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.246\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.196\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.158\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.115\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.17.6\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-40351",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.02.2026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-01340",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-40351",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 13 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.16 \u0434\u043e 6.1.157 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.13 \u0434\u043e 6.17.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.245 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.15.195 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.2 \u0434\u043e 6.6.114 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.7 \u0434\u043e 6.12.55 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 3.14 \u0434\u043e 5.4.300 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hfsplus_iget() \u043c\u043e\u0434\u0443\u043b\u044f fs/hfsplus/super.c \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0439 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Apple HFS \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hfsplus_iget() \u043c\u043e\u0434\u0443\u043b\u044f fs/hfsplus/super.c \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0439 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Apple HFS \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cve.org/CVERecord?id=CVE-2025-40351\nhttps://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885\nhttps://git.kernel.org/stable/c/b07630afe1671096dc64064190cae3b6165cf6e4\nhttps://git.kernel.org/stable/c/9df3c241fbf69edce968b20eeeeb3f6da34af041\nhttps://git.kernel.org/stable/c/1b9e5ade272f8be6421c9eea4c4f6810180017f9\nhttps://git.kernel.org/stable/c/2bb8bc99b1a7a46d83f95c46f530305f6df84eaf\nhttps://git.kernel.org/stable/c/295527bfdefd5bf31ec8218e2891a65777141d05\nhttps://git.kernel.org/stable/c/4891bf2b09c313622a6e07d7f108aa5e123c768d\nhttps://git.kernel.org/linus/9b3d15a758910bb98ba8feb4109d99cc67450ee4\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.301\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.246\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.196\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.158\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.115\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.17.6\nhttps://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40351-55f8@gregkh/\nhttps://security-tracker.debian.org/tracker/CVE-2025-40351",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-404",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2025-40351 (GCVE-0-2025-40351)

Vulnerability from cvelistv5 – Published: 2025-12-16 13:30 – Updated: 2026-01-02 15:33

Title

hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()

Summary

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): [ 70.682285][ T9333] ===================================================== [ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220 [ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220 [ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0 [ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310 [ 70.685048][ T9333] vfs_rmdir+0x5ba/0x810 [ 70.685447][ T9333] do_rmdir+0x964/0xea0 [ 70.685833][ T9333] __x64_sys_rmdir+0x71/0xb0 [ 70.686260][ T9333] x64_sys_call+0xcd8/0x3cf0 [ 70.686695][ T9333] do_syscall_64+0xd9/0x1d0 [ 70.687119][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.687646][ T9333] [ 70.687856][ T9333] Uninit was stored to memory at: [ 70.688311][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0 [ 70.688779][ T9333] hfsplus_create_cat+0x148e/0x1800 [ 70.689231][ T9333] hfsplus_mknod+0x27f/0x600 [ 70.689730][ T9333] hfsplus_mkdir+0x5a/0x70 [ 70.690146][ T9333] vfs_mkdir+0x483/0x7a0 [ 70.690545][ T9333] do_mkdirat+0x3f2/0xd30 [ 70.690944][ T9333] __x64_sys_mkdir+0x9a/0xf0 [ 70.691380][ T9333] x64_sys_call+0x2f89/0x3cf0 [ 70.691816][ T9333] do_syscall_64+0xd9/0x1d0 [ 70.692229][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.692773][ T9333] [ 70.692990][ T9333] Uninit was stored to memory at: [ 70.693469][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0 [ 70.693960][ T9333] hfsplus_create_cat+0x148e/0x1800 [ 70.694438][ T9333] hfsplus_fill_super+0x21c1/0x2700 [ 70.694911][ T9333] mount_bdev+0x37b/0x530 [ 70.695320][ T9333] hfsplus_mount+0x4d/0x60 [ 70.695729][ T9333] legacy_get_tree+0x113/0x2c0 [ 70.696167][ T9333] vfs_get_tree+0xb3/0x5c0 [ 70.696588][ T9333] do_new_mount+0x73e/0x1630 [ 70.697013][ T9333] path_mount+0x6e3/0x1eb0 [ 70.697425][ T9333] __se_sys_mount+0x733/0x830 [ 70.697857][ T9333] __x64_sys_mount+0xe4/0x150 [ 70.698269][ T9333] x64_sys_call+0x2691/0x3cf0 [ 70.698704][ T9333] do_syscall_64+0xd9/0x1d0 [ 70.699117][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.699730][ T9333] [ 70.699946][ T9333] Uninit was created at: [ 70.700378][ T9333] __alloc_pages_noprof+0x714/0xe60 [ 70.700843][ T9333] alloc_pages_mpol_noprof+0x2a2/0x9b0 [ 70.701331][ T9333] alloc_pages_noprof+0xf8/0x1f0 [ 70.701774][ T9333] allocate_slab+0x30e/0x1390 [ 70.702194][ T9333] ___slab_alloc+0x1049/0x33a0 [ 70.702635][ T9333] kmem_cache_alloc_lru_noprof+0x5ce/0xb20 [ 70.703153][ T9333] hfsplus_alloc_inode+0x5a/0xd0 [ 70.703598][ T9333] alloc_inode+0x82/0x490 [ 70.703984][ T9333] iget_locked+0x22e/0x1320 [ 70.704428][ T9333] hfsplus_iget+0x5c/0xba0 [ 70.704827][ T9333] hfsplus_btree_open+0x135/0x1dd0 [ 70.705291][ T9333] hfsplus_fill_super+0x1132/0x2700 [ 70.705776][ T9333] mount_bdev+0x37b/0x530 [ 70.706171][ T9333] hfsplus_mount+0x4d/0x60 [ 70.706579][ T9333] legacy_get_tree+0x113/0x2c0 [ 70.707019][ T9333] vfs_get_tree+0xb3/0x5c0 [ 70.707444][ T9333] do_new_mount+0x73e/0x1630 [ 70.707865][ T9333] path_mount+0x6e3/0x1eb0 [ 70.708270][ T9333] __se_sys_mount+0x733/0x830 [ 70.708711][ T9333] __x64_sys_mount+0xe4/0x150 [ 70.709158][ T9333] x64_sys_call+0x2691/0x3cf0 [ 70.709630][ T9333] do_syscall_64+0xd9/0x1d0 [ 70.710053][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.710611][ T9333] [ 70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17 [ 70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.712490][ T9333] ===================================================== [ 70.713085][ T9333] Disabling lock debugging due to kernel taint [ 70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ... [ 70.714159][ T9333] ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a2bee43b451615531…
	https://git.kernel.org/stable/c/b07630afe1671096d…
	https://git.kernel.org/stable/c/9df3c241fbf69edce…
	https://git.kernel.org/stable/c/1b9e5ade272f8be64…
	https://git.kernel.org/stable/c/2bb8bc99b1a7a46d8…
	https://git.kernel.org/stable/c/295527bfdefd5bf31…
	https://git.kernel.org/stable/c/4891bf2b09c313622…
	https://git.kernel.org/stable/c/9b3d15a758910bb98…

Impacted products

Vendor

Product

Version

Linux

Affected: d7d673a591701f131e53d4fd4e2b9352f1316642 , < a2bee43b451615531ae6f3cf45054f02915ef885 (git)
Affected: d7d673a591701f131e53d4fd4e2b9352f1316642 , < b07630afe1671096dc64064190cae3b6165cf6e4 (git)
Affected: d7d673a591701f131e53d4fd4e2b9352f1316642 , < 9df3c241fbf69edce968b20eeeeb3f6da34af041 (git)
Affected: d7d673a591701f131e53d4fd4e2b9352f1316642 , < 1b9e5ade272f8be6421c9eea4c4f6810180017f9 (git)
Affected: d7d673a591701f131e53d4fd4e2b9352f1316642 , < 2bb8bc99b1a7a46d83f95c46f530305f6df84eaf (git)
Affected: d7d673a591701f131e53d4fd4e2b9352f1316642 , < 295527bfdefd5bf31ec8218e2891a65777141d05 (git)
Affected: d7d673a591701f131e53d4fd4e2b9352f1316642 , < 4891bf2b09c313622a6e07d7f108aa5e123c768d (git)
Affected: d7d673a591701f131e53d4fd4e2b9352f1316642 , < 9b3d15a758910bb98ba8feb4109d99cc67450ee4 (git)

Linux

Affected: 3.14
Unaffected: 0 , < 3.14 (semver)
Unaffected: 5.4.301 , ≤ 5.4.* (semver)
Unaffected: 5.10.246 , ≤ 5.10.* (semver)
Unaffected: 5.15.196 , ≤ 5.15.* (semver)
Unaffected: 6.1.158 , ≤ 6.1.* (semver)
Unaffected: 6.6.115 , ≤ 6.6.* (semver)
Unaffected: 6.12.56 , ≤ 6.12.* (semver)
Unaffected: 6.17.6 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a2bee43b451615531ae6f3cf45054f02915ef885",
              "status": "affected",
              "version": "d7d673a591701f131e53d4fd4e2b9352f1316642",
              "versionType": "git"
            },
            {
              "lessThan": "b07630afe1671096dc64064190cae3b6165cf6e4",
              "status": "affected",
              "version": "d7d673a591701f131e53d4fd4e2b9352f1316642",
              "versionType": "git"
            },
            {
              "lessThan": "9df3c241fbf69edce968b20eeeeb3f6da34af041",
              "status": "affected",
              "version": "d7d673a591701f131e53d4fd4e2b9352f1316642",
              "versionType": "git"
            },
            {
              "lessThan": "1b9e5ade272f8be6421c9eea4c4f6810180017f9",
              "status": "affected",
              "version": "d7d673a591701f131e53d4fd4e2b9352f1316642",
              "versionType": "git"
            },
            {
              "lessThan": "2bb8bc99b1a7a46d83f95c46f530305f6df84eaf",
              "status": "affected",
              "version": "d7d673a591701f131e53d4fd4e2b9352f1316642",
              "versionType": "git"
            },
            {
              "lessThan": "295527bfdefd5bf31ec8218e2891a65777141d05",
              "status": "affected",
              "version": "d7d673a591701f131e53d4fd4e2b9352f1316642",
              "versionType": "git"
            },
            {
              "lessThan": "4891bf2b09c313622a6e07d7f108aa5e123c768d",
              "status": "affected",
              "version": "d7d673a591701f131e53d4fd4e2b9352f1316642",
              "versionType": "git"
            },
            {
              "lessThan": "9b3d15a758910bb98ba8feb4109d99cc67450ee4",
              "status": "affected",
              "version": "d7d673a591701f131e53d4fd4e2b9352f1316642",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "lessThan": "3.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.196",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.56",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.196",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.158",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.115",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.56",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.6",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()\n\nThe syzbot reported issue in hfsplus_delete_cat():\n\n[   70.682285][ T9333] =====================================================\n[   70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220\n[   70.683640][ T9333]  hfsplus_subfolders_dec+0x1d7/0x220\n[   70.684141][ T9333]  hfsplus_delete_cat+0x105d/0x12b0\n[   70.684621][ T9333]  hfsplus_rmdir+0x13d/0x310\n[   70.685048][ T9333]  vfs_rmdir+0x5ba/0x810\n[   70.685447][ T9333]  do_rmdir+0x964/0xea0\n[   70.685833][ T9333]  __x64_sys_rmdir+0x71/0xb0\n[   70.686260][ T9333]  x64_sys_call+0xcd8/0x3cf0\n[   70.686695][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.687119][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.687646][ T9333]\n[   70.687856][ T9333] Uninit was stored to memory at:\n[   70.688311][ T9333]  hfsplus_subfolders_inc+0x1c2/0x1d0\n[   70.688779][ T9333]  hfsplus_create_cat+0x148e/0x1800\n[   70.689231][ T9333]  hfsplus_mknod+0x27f/0x600\n[   70.689730][ T9333]  hfsplus_mkdir+0x5a/0x70\n[   70.690146][ T9333]  vfs_mkdir+0x483/0x7a0\n[   70.690545][ T9333]  do_mkdirat+0x3f2/0xd30\n[   70.690944][ T9333]  __x64_sys_mkdir+0x9a/0xf0\n[   70.691380][ T9333]  x64_sys_call+0x2f89/0x3cf0\n[   70.691816][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.692229][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.692773][ T9333]\n[   70.692990][ T9333] Uninit was stored to memory at:\n[   70.693469][ T9333]  hfsplus_subfolders_inc+0x1c2/0x1d0\n[   70.693960][ T9333]  hfsplus_create_cat+0x148e/0x1800\n[   70.694438][ T9333]  hfsplus_fill_super+0x21c1/0x2700\n[   70.694911][ T9333]  mount_bdev+0x37b/0x530\n[   70.695320][ T9333]  hfsplus_mount+0x4d/0x60\n[   70.695729][ T9333]  legacy_get_tree+0x113/0x2c0\n[   70.696167][ T9333]  vfs_get_tree+0xb3/0x5c0\n[   70.696588][ T9333]  do_new_mount+0x73e/0x1630\n[   70.697013][ T9333]  path_mount+0x6e3/0x1eb0\n[   70.697425][ T9333]  __se_sys_mount+0x733/0x830\n[   70.697857][ T9333]  __x64_sys_mount+0xe4/0x150\n[   70.698269][ T9333]  x64_sys_call+0x2691/0x3cf0\n[   70.698704][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.699117][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.699730][ T9333]\n[   70.699946][ T9333] Uninit was created at:\n[   70.700378][ T9333]  __alloc_pages_noprof+0x714/0xe60\n[   70.700843][ T9333]  alloc_pages_mpol_noprof+0x2a2/0x9b0\n[   70.701331][ T9333]  alloc_pages_noprof+0xf8/0x1f0\n[   70.701774][ T9333]  allocate_slab+0x30e/0x1390\n[   70.702194][ T9333]  ___slab_alloc+0x1049/0x33a0\n[   70.702635][ T9333]  kmem_cache_alloc_lru_noprof+0x5ce/0xb20\n[   70.703153][ T9333]  hfsplus_alloc_inode+0x5a/0xd0\n[   70.703598][ T9333]  alloc_inode+0x82/0x490\n[   70.703984][ T9333]  iget_locked+0x22e/0x1320\n[   70.704428][ T9333]  hfsplus_iget+0x5c/0xba0\n[   70.704827][ T9333]  hfsplus_btree_open+0x135/0x1dd0\n[   70.705291][ T9333]  hfsplus_fill_super+0x1132/0x2700\n[   70.705776][ T9333]  mount_bdev+0x37b/0x530\n[   70.706171][ T9333]  hfsplus_mount+0x4d/0x60\n[   70.706579][ T9333]  legacy_get_tree+0x113/0x2c0\n[   70.707019][ T9333]  vfs_get_tree+0xb3/0x5c0\n[   70.707444][ T9333]  do_new_mount+0x73e/0x1630\n[   70.707865][ T9333]  path_mount+0x6e3/0x1eb0\n[   70.708270][ T9333]  __se_sys_mount+0x733/0x830\n[   70.708711][ T9333]  __x64_sys_mount+0xe4/0x150\n[   70.709158][ T9333]  x64_sys_call+0x2691/0x3cf0\n[   70.709630][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.710053][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.710611][ T9333]\n[   70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17\n[   70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.712490][ T9333] =====================================================\n[   70.713085][ T9333] Disabling lock debugging due to kernel taint\n[   70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ...\n[   70.714159][ T9333] \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:33:46.209Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885"
        },
        {
          "url": "https://git.kernel.org/stable/c/b07630afe1671096dc64064190cae3b6165cf6e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9df3c241fbf69edce968b20eeeeb3f6da34af041"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b9e5ade272f8be6421c9eea4c4f6810180017f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/2bb8bc99b1a7a46d83f95c46f530305f6df84eaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/295527bfdefd5bf31ec8218e2891a65777141d05"
        },
        {
          "url": "https://git.kernel.org/stable/c/4891bf2b09c313622a6e07d7f108aa5e123c768d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b3d15a758910bb98ba8feb4109d99cc67450ee4"
        }
      ],
      "title": "hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40351",
    "datePublished": "2025-12-16T13:30:24.764Z",
    "dateReserved": "2025-04-16T07:20:57.187Z",
    "dateUpdated": "2026-01-02T15:33:46.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2026-01340

CVE-2025-40351 (GCVE-0-2025-40351)

Tags

Sightings

Nomenclature