Uninitialized Value Vulnerability in Linux Kernel's HFS+ File System by Linux Foundation
CVE-2025-40244

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 December 2025

What is CVE-2025-40244?

CVE-2025-40244 is an uninitialized-value issue in the __hfsplus_ext_cache_extent function of the Linux kernel's HFS+ file system. The flaw can potentially lead to a kernel panic, rendering the system unresponsive while it is trying to execute file-write operations. The issue was reported by syzbot and has been resolved in subsequent kernel updates. System administrators are advised to update their Linux kernel to prevent exploitation of this vulnerability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
