Slab-Out-Of-Bounds Read in Linux Kernel's hfsplus Module
CVE-2025-38713

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 4 September 2025

What is CVE-2025-38713?

A vulnerability exists in the hfsplus module of the Linux kernel that can lead to a slab-out-of-bounds read condition within the hfsplus_uni2asc() function. This flaw arises during the execution of the hfsplus_readdir() method, where improper handling of memory leads to possible crashes. If exploited, it can allow unauthorized access to memory locations, potentially causing system instability and data corruption. Addressing this issue is vital to maintain system integrity and reliability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 73f7da507d787b489761a0fa280716f84fa32b2f

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 76a4c6636a69d69409aa253b049b1be717a539c5

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
