CVE-2025-38715

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's handling of HFS file system operations. Specifically, the issue involves a slab-out-of-bounds write in the hfs bnode read() function. The patch introduces is bnode offset valid() and check and correct requested length() methods to validate offset values and correct requested lengths, preventing access outside allocated memory and potential crashes. The functions hfs bnode read(), hfs bnode write(), hfs bnode clear(), hfs bnode copy(), and hfs bnode move() are affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2025-15751

CVE-2025-38715

DLA-4327-1

DLA-4328-1

DSA-6009-1

ECHO-9D82-18FD-943C

MGASA-2025-0234

MGASA-2025-0235

SUSE-SU-2025:03600-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

USN-7909-1

USN-7909-2

USN-7909-3

USN-7909-4

USN-7909-5

USN-7910-1

USN-7910-2

USN-7933-1

USN-7938-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-38715

Weakness Enumeration

Related Identifiers

Affected Products

References · 2697