Linux Kernel Vulnerability in HFS+ File System Detected
CVE-2025-38712
What is CVE-2025-38712?
This vulnerability is in the Linux kernel's HFS+ file system, where erroneous volume header values can cause the kernel to misinterpret the state of the filesystem. Specifically, the hfsplus_fill_super() function may incorrectly assume that the attributes file has not been created, leading to an unexpected failure when hfsplus_create_attributes_file() is invoked. The fix replaces the BUG_ON() assertion with an -EIO error code, accompanied by a message advising users to run the fsck tool to check and repair the filesystem.
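A simplified userspace model of the fix described above, added here as an illustration and not taken from the kernel source: the mount step trusts the volume header, and the creation step returns -EIO on a mismatch where an assertion would have halted. All type and function names (`sb_model`, `model_fill_super`, `model_create_attr_file`, `demo_create`), the field layout and the message text are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not a kernel symbol. */
enum attr_state { ATTR_NOT_CREATED, ATTR_EXISTS };
struct vol_header { uint32_t attr_total_blocks; };   /* untrusted, read from disk */
struct sb_model {
    enum attr_state attr_state;   /* what the mount path believes */
    uint64_t attr_size;           /* what the attributes file really holds */
};

/* Mount step: the belief is derived from the volume header alone. */
static void model_fill_super(struct sb_model *sb, const struct vol_header *vh,
                             uint64_t real_attr_size)
{
    sb->attr_size = real_attr_size;
    sb->attr_state = vh->attr_total_blocks ? ATTR_EXISTS : ATTR_NOT_CREATED;
}

/* Creation step. An assertion here (the BUG_ON() style) would halt on an
 * image with erroneous header values; -EIO fails only this operation. */
static int model_create_attr_file(struct sb_model *sb, uint64_t initial_size)
{
    if (sb->attr_state == ATTR_EXISTS)
        return 0;                          /* nothing to create */
    if (sb->attr_size != 0) {              /* header and file disagree */
        fprintf(stderr, "inconsistent attributes file, run fsck\n");
        return -EIO;
    }
    sb->attr_size = initial_size;
    sb->attr_state = ATTR_EXISTS;
    return 0;
}

/* Constructed inputs: the header claims "no attributes file" in every call. */
int demo_create(uint64_t real_attr_size)
{
    struct vol_header vh = { .attr_total_blocks = 0 };
    struct sb_model sb;
    model_fill_super(&sb, &vh, real_attr_size);
    return model_create_attr_file(&sb, 4096);
}

int main(void)
{
    printf("consistent: %d, inconsistent: %d\n", demo_create(0), demo_create(8192));
    return 0;
}
```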
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9046566fa692f88954dac8c510f37ee17a15fdb7
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 03cd1db1494cf930e2fa042c9c13e32bffdb4eba