CVE-2025-38715
published 2025-09-04CVE-2025-38715: In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read() This patch introduces…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix slab-out-of-bounds in hfs_bnode_read()
This patch introduces is_bnode_offset_valid() method that checks
the requested offset value. Also, it introduces
check_and_correct_requested_length() method that checks and
correct the requested length (if it is necessary). These methods
are used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(),
hfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent
the access out of allocated memory and triggering the crash.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e7d2dc2421e821e4045775e6dc226378328de6f6 | e7d2dc2421e821e4045775e6dc226378328de6f6 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67ecc81f6492275c9c54280532f558483c99c90e | 67ecc81f6492275c9c54280532f558483c99c90e |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a1a60e79502279f996e55052f50cc14919020475 | a1a60e79502279f996e55052f50cc14919020475 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < fe2891a9c43ab87d1a210d61e6438ca6936e2f62 | fe2891a9c43ab87d1a210d61e6438ca6936e2f62 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 384a66b89f9540a9a8cb0f48807697dfabaece4c | 384a66b89f9540a9a8cb0f48807697dfabaece4c |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < efc095b35b23297e419c2ab4fc1ed1a8f0781a29 | efc095b35b23297e419c2ab4fc1ed1a8f0781a29 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < fc7f732984ec91f30be3e574e0644066d07f2b78 | fc7f732984ec91f30be3e574e0644066d07f2b78 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < eec522fd0d28106b14a59ab2d658605febe4a3bb | eec522fd0d28106b14a59ab2d658605febe4a3bb |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a431930c9bac518bf99d6b1da526a7f37ddee8d8 | a431930c9bac518bf99d6b1da526a7f37ddee8d8 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 2.6.12.1 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.149 | 6.1.149 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.11 | 6.15.11 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH