PT-2025-44150 · Linux+4 · Linux Kernel+4

Published

2025-09-09

·

Updated

2026-06-16

·

CVE-2025-40082

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.4
Description The Linux kernel contains a flaw within the HFSplus file system implementation. Specifically, a slab-out-of-bounds read exists in the hfsplus uni2asc() function when handling extended attributes. This issue arises because the function incorrectly processes Unicode strings, potentially leading to memory corruption when called from hfsplus listxattr. The root cause is an insufficient fix in a previous commit, resulting in a pointer exceeding allocated memory boundaries. The issue is triggered when the ustrlen value exceeds the allocated memory size.
Recommendations Upgrade to Linux kernel version 6.16.4 or later to address this issue.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2025-16395
CVE-2025-40082
ECHO-7684-FED8-7585
OESA-2025-2765
OESA-2025-2766
OESA-2025-2767
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2026:10301-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4135-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4188-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4301-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8278-1
USN-8278-2
USN-8289-1
USN-8289-2
USN-8296-1
USN-8296-2
USN-8393-1
USN-8440-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu