Buffer Overflow Vulnerability in Linux Kernel's HFSPlus File System
CVE-2025-40082


Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 28 October 2025

What is CVE-2025-40082?

A vulnerability has been identified in the HFSPlus file system within the Linux kernel, specifically in the hfsplus_uni2asc function. When processing Unicode attributes, the function can be called with pointers that reach beyond the memory allocated for the string, causing a slab-out-of-bounds read and potential memory corruption. Kernel developers have since introduced wrapper functions that handle Unicode buffers safely by ensuring that a string's length never exceeds the size of the memory that holds it. Users are encouraged to update their kernels to mitigate this risk.
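To illustrate the defensive pattern the description refers to (a conversion routine that bounds the on-disk string length by the size of the allocation that actually holds it), here is an added example. It is not the kernel's code and does not reproduce the hfsplus_uni2asc fix; the on-disk layout, the struct uni2asc_result type, the uni2asc_bounded and demo_oversized_length functions and the sample image bytes are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed on-disk layout (constructed for this example, not the kernel's
 * struct): a big-endian 16-bit unit count followed by that many big-endian
 * UTF-16 code units. The count comes from the file system image, so it is
 * untrusted; the allocation size comes from the kernel, so it is trusted. */
#define UNISTR_MAX_UNITS 255

struct uni2asc_result {
    size_t declared_units;  /* length field as found on disk            */
    size_t used_units;      /* units actually converted after clamping  */
    int    clamped;         /* 1 if declared length exceeded allocation */
};

static uint16_t be16_load(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/*
 * Convert a length-prefixed UTF-16 string to ASCII without ever reading
 * past the 'alloc_bytes' the caller actually owns. Non-ASCII units are
 * replaced by '?' (a simplification of real Unicode handling). Returns
 * the number of bytes written to 'out' excluding the terminating NUL,
 * or -1 when the inputs cannot be handled at all.
 */
static int uni2asc_bounded(const uint8_t *raw, size_t alloc_bytes,
                           char *out, size_t out_len,
                           struct uni2asc_result *res)
{
    size_t max_units, n, i;

    if (raw == NULL || out == NULL || res == NULL ||
        out_len == 0 || alloc_bytes < 2)
        return -1;

    /* Units that physically fit inside the allocation after the header. */
    max_units = (alloc_bytes - 2) / 2;
    if (max_units > UNISTR_MAX_UNITS)
        max_units = UNISTR_MAX_UNITS;

    n = be16_load(raw);
    res->declared_units = n;
    res->clamped = 0;
    if (n > max_units) {
        /* The declared length cannot be trusted: clamp to what exists. */
        n = max_units;
        res->clamped = 1;
    }
    /* The destination has its own bound; leave room for the NUL. */
    if (n > out_len - 1)
        n = out_len - 1;
    res->used_units = n;

    for (i = 0; i < n; i++) {
        uint16_t u = be16_load(raw + 2 + 2 * i);
        out[i] = (u < 0x80) ? (char)u : '?';
    }
    out[n] = '\0';
    return (int)n;
}

/* Demo on constructed input: a 10-byte allocation holding "abcd" whose
 * length field claims 255 units. An unbounded loop would walk 500 bytes
 * past a 10-byte buffer; the bounded version converts only the 4 units
 * that exist. Returns the bounded conversion's result. */
static int demo_oversized_length(char *out, size_t out_len,
                                 struct uni2asc_result *res)
{
    static const uint8_t img[10] = { 0x00, 0xFF,
                                     0, 'a', 0, 'b', 0, 'c', 0, 'd' };
    return uni2asc_bounded(img, sizeof img, out, out_len, res);
}

int main(void)
{
    char buf[32];
    struct uni2asc_result res;
    int n = demo_oversized_length(buf, sizeof buf, &res);

    printf("declared=%zu used=%zu clamped=%d out=\"%s\" (%d)\n",
           res.declared_units, res.used_units, res.clamped, buf, n);
    return 0;
}
```

The key design point is that the only length used to drive the read loop is derived from the allocation size the caller knows, never from the length field found in the image; the declared value is recorded for diagnostics but does not control memory access.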

Affected Version(s)

Linux 94458781aee6045bd3d0ad4b80b02886b9e2219b < 857aefc70d4ae3b9bf1ae67434d27d0f79f80c9e

Linux 94458781aee6045bd3d0ad4b80b02886b9e2219b

Linux 73f7da507d787b489761a0fa280716f84fa32b2f

Timeline

  • Vulnerability published

  • Vulnerability Reserved
