CVE-2025-40243

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-syzkaller

Description The Linux kernel had an uninitialized value issue within the hfs find set zero bits() function, specifically related to the HFS filesystem. The issue was identified by syzbot and involved the potential for memory allocated via kmalloc() to contain garbage data, which could lead to incorrect bitmap operations and potentially file system corruption. The fix involves changing the memory allocation function from kmalloc() to kzalloc(), which guarantees that the allocated memory is initialized to zero.

Recommendations Update to Linux kernel version 6.16.0-syzkaller or later.

Exploit

Fix

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

BDU:2026-01369

CVE-2025-40243

DLA-4404-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8033-1

USN-8033-2

USN-8033-3

USN-8033-4

USN-8033-5

USN-8033-6

USN-8033-7

USN-8033-8

USN-8034-1

USN-8034-2

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8141-1

USN-8163-1

USN-8163-2

USN-8165-1

USN-8243-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-40243

Weakness Enumeration

Related Identifiers

Affected Products

References · 1715