Slab Out-of-Bounds Vulnerability in Linux Kernel's HFSPlus Module
CVE-2025-38714

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38714?

A vulnerability has been identified in the HFSPlus module of the Linux Kernel, specifically within the hfsplus_bnode_read function. This issue could lead to a slab out-of-bounds condition, potentially allowing an attacker to read memory outside the intended boundaries, which could result in data leakage or corruption. The failure occurs during the processing of bnodes, specifically when reading data structures. Developers are urged to apply patches that address this flaw to uphold the integrity and security of systems running the affected kernel versions.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 032f7ed6717a4cd3714f9801be39fdfc7f1c7644

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5ab59229bef6063edf3a6fc2e3e3fd7cd2181b29

References

https://git.kernel.org/stable/c/032f7ed6717a4cd3714f9801b...

https://git.kernel.org/stable/c/ffee8a7bed0fbfe29da239a92...

https://git.kernel.org/stable/c/5ab59229bef6063edf3a6fc2e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025