CVE-2025-40082: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read | 15 documents | 7 sources

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 99.57%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 28
Latest update: Feb 24

Description

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186
Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290

CPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_sta

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (7 packages)

NVD | linux/linux_kernel | 5.4.297, 5.5 (+7)
Debian | linux/linux_kernel | < 6.1.164-1 (+2)
Ubuntu | linux/linux_kernel | < 6.17.0-14.14
CVEListV5 | linux/linux | ccf0ad56a779e6704c0b27f555dec847f50c7557, 343fe375a8dd6ee51a193a1c233b999f5ea4d479 (+10)

Vulnerability Details (7)

OSV: linux-azure vulnerabilities (2026-02-24)
OSV: linux-oem-6.17 vulnerabilities (2026-02-17)
OSV: linux-aws, linux-oracle vulnerabilities (2026-02-17)
OSV: linux-gcp vulnerabilities (2026-02-12)
OSV: linux, linux-raspi, linux-realtime vulnerabilities (2026-02-12)

Vendor Advisories (7)

Ubuntu: Linux kernel (Azure) vulnerabilities (2026-02-24)
Ubuntu: Linux kernel (OEM) vulnerabilities (2026-02-17)
Ubuntu: Linux kernel (GCP) vulnerabilities (2026-02-12)
Ubuntu: Linux kernel vulnerabilities (2026-02-12)
Red Hat: kernel: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (2025-10-28)