Memory Initialization Flaw in HFS Implementation of Linux Kernel by The Linux Foundation
CVE-2025-40243

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 4 December 2025

What is CVE-2025-40243?

A memory initialization flaw exists in the HFS (Hierarchical File System) implementation of the Linux kernel. In the hfs_find_set_zero_bits() function, uninitialized memory can lead to erroneous bitmap operations, affecting file system stability. When 'garbage' data is present in the allocated buffer during bitmap management operations, the result can be volume corruption. The patch replaces kmalloc() with kzalloc(), so that newly allocated buffers are initialized to zero, which prevents these inconsistencies and improves file system reliability.
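A simplified userspace model of the failure described above, added here as an illustration (it is not the kernel's HFS code or the actual patch). It assumes a bitmap buffer that is only partly filled from disk before it is searched; the buffer sizes, the poison byte and all function names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE    16u   /* constructed: bytes in the in-memory bitmap buffer */
#define SEARCH_BITS 64u   /* constructed: bits the search is asked to cover */
#define POISON      0xA5  /* constructed: stands in for stale heap contents */

/* Constructed on-disk bitmap: 32 blocks, all allocated. */
static const uint8_t disk_bitmap[4] = { 0xFF, 0xFF, 0xFF, 0xFF };

typedef uint8_t *(*alloc_fn)(size_t);

/* Models kmalloc(): contents are whatever was there before (made deterministic). */
static uint8_t *alloc_uninit(size_t n) {
    uint8_t *p = malloc(n);
    if (p) memset(p, POISON, n);
    return p;
}

/* Models kzalloc(): contents are zero. */
static uint8_t *alloc_zeroed(size_t n) { return calloc(1, n); }

/* Bit i of the bitmap, most significant bit of each byte first. */
static int bit_set(const uint8_t *buf, unsigned i) {
    return (buf[i / 8] >> (7 - i % 8)) & 1;
}

/* Load the bitmap, then return the first clear bit and count the set bits. */
static unsigned scan(alloc_fn alloc, unsigned *used) {
    uint8_t *buf = alloc(BUF_SIZE);
    unsigned i, first = SEARCH_BITS;
    *used = 0;
    if (!buf) return first;
    memcpy(buf, disk_bitmap, sizeof disk_bitmap);  /* tail is never written */
    for (i = 0; i < SEARCH_BITS; i++) {
        if (bit_set(buf, i)) (*used)++;
        else if (first == SEARCH_BITS) first = i;
    }
    free(buf);
    return first;
}

int main(void) {
    unsigned used, first;
    first = scan(alloc_uninit, &used);
    printf("uninitialized: first free bit %u, %u bits marked used\n", first, used);
    first = scan(alloc_zeroed, &used);
    printf("zeroed:        first free bit %u, %u bits marked used\n", first, used);
    return 0;
}
```

With the stale tail, the scan reports blocks as allocated that the on-disk bitmap never described and picks a different first free bit; the zeroed buffer gives the result the loaded data implies.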

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2a112cdd66f5a132da5235ca31a320528c86bf33

Timeline

  • Vulnerability published

  • Vulnerability Reserved
