Slab Out-of-Bounds Read Vulnerability in Linux Kernel HFS Plus Module
CVE-2025-40088
Currently unrated
What is CVE-2025-40088?
A vulnerability exists in the Linux kernel's handling of HFS Plus file systems, specifically in the hfsplus_strcasecmp function, which can perform a slab out-of-bounds read. The issue is triggered under certain conditions during string comparisons and could allow an attacker to read sensitive memory content. Updating promptly to a patched kernel is recommended to mitigate this risk.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 603158d4efa98a13a746bd586c20f194f4a31ec8
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7ab44236b32ed41eb0636797e8e8e885a2f3b18a