CVE-2025-38713
published 2025-09-04CVE-2025-38713: In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
The hfsplus_readdir() method is capable to crash by calling
hfsplus_uni2asc():
[ 667.121659][ T9805] ==================================================================
[ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10
[ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805
[ 667.124578][ T9805]
[ 667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full)
[ 667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 667.124890][ T9805] Call Trace:
[ 667.124893][ T9805]
[ 667.124896][ T9805] dump_stack_lvl+0x10e/0x1f0
[ 667.124911][ T9805] print_report+0xd0/0x660
[ 667.124920][ T9805] ? __virt_addr_valid+0x81/0x610
[ 667.124928][ T9805] ? __phys_addr+0xe8/0x180
[ 667.124934][ T9805] ? hfsplus_uni2asc+0x902/0xa10
[ 667.124942][ T9805] kasan_report+0xc6/0x100
[ 667.124950][ T9805] ? hfsplus_uni2asc+0x902/0xa10
[ 667.124959][ T9805] hfsplus_uni2asc+0x902/0xa10
[ 667.124966][ T9805] ? hfsplus_bnode_read+0x14b/0x360
[ 667.124974][ T9805] hfsplus_readdir+0x845/0xfc0
[ 667.124984][ T9805] ? __pfx_hfsplus_readdir+0x10/0x10
[ 667.124994][ T9805] ? stack_trace_save+0x8e/0xc0
[ 667.125008][ T9805] ? iterate_dir+0x18b/0xb20
[ 667.125015][ T9805] ? trace_lock_acquire+0x85/0xd0
[ 667.125022][ T9805] ? lock_acquire+0x30/0x80
[ 667.125029][ T9805] ? iterate_dir+0x18b/0xb20
[ 667.125037][ T9805] ? down_read_killable+0x1ed/0x4c0
[ 667.125044][ T9805] ? putname+0x154/0x1a0
[ 667.125051][ T9805] ? __pfx_down_read_killable+0x10/0x10
[ 667.125058][ T9805] ? apparmor_file_permission+0x239/0x3e0
[ 667.125069][ T9805] iterate_dir+0x296/0xb20
[ 667.125076][ T9805] __x64_sys_getdents64+0x13c/0x2c0
[ 667.125084][ T9805] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 667.125091][ T9805] ? __x64_sys_openat+0x141/0x200
[ 667
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 73f7da507d787b489761a0fa280716f84fa32b2f | 73f7da507d787b489761a0fa280716f84fa32b2f |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 76a4c6636a69d69409aa253b049b1be717a539c5 | 76a4c6636a69d69409aa253b049b1be717a539c5 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ccf0ad56a779e6704c0b27f555dec847f50c7557 | ccf0ad56a779e6704c0b27f555dec847f50c7557 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 13604b1d7e7b125fb428cddbec6b8d92baad25d5 | 13604b1d7e7b125fb428cddbec6b8d92baad25d5 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 291bb5d931c6f3cd7227b913302a17be21cf53b0 | 291bb5d931c6f3cd7227b913302a17be21cf53b0 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee | f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9 | 6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1ca69007e52a73bd8b84b988b61b319816ca8b01 | 1ca69007e52a73bd8b84b988b61b319816ca8b01 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 94458781aee6045bd3d0ad4b80b02886b9e2219b | 94458781aee6045bd3d0ad4b80b02886b9e2219b |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 2.6.12.1 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.149 | 6.1.149 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.11 | 6.15.11 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH