PT-2025-51565 · Linux+2 · Linux Kernel+2
Published
2025-08-18
·
Updated
2026-05-07
·
CVE-2025-40349
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.17.0-rc2-gc17b750b3ad9
Description
The Linux kernel's HFS Plus file system implementation contained a flaw in the hfsplus_bmap_alloc function. Specifically, insufficient validation of record offsets and lengths could lead to out-of-bounds memory access when allocating free nodes. This occurs because the function retrieves bitmap information using a node's page and offset/length values obtained from hfs_brec_lenoff. If these retrieved values are invalid (exceeding node size), the code may access pages outside the allocated range for that node. The issue was addressed by adding validation of both offset and length before use, preventing out-of-bounds page access. The functions is_bnode_offset_valid and check_and_correct_requested_length were moved to hfsplus_fs.h as they may be required by other functions.
Recommendations
Linux kernel versions prior to 6.17.0-rc2-gc17b750b3ad9 should be updated to a newer version that includes the fix.
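The class of check described above, as an added user-space model (not the kernel's code and not part of the original entry): a record's offset and length are validated against the node size before they are turned into a page index. The struct, the model_* names, the 4096-byte page size, and the choice to clamp an over-long length rather than reject it are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096u   /* assumed page size for this model */

/* Hypothetical stand-in for a B-tree node: only the size the checks need. */
struct model_node { uint32_t node_size; };

/* An offset is usable only if it falls inside the node. */
static bool model_offset_valid(const struct model_node *n, uint32_t off)
{
    return off < n->node_size;
}

/* Returns a length that keeps [off, off+len) inside the node, 0 if off is bad. */
static uint32_t model_clamp_len(const struct model_node *n, uint32_t off, uint32_t len)
{
    if (!model_offset_valid(n, off))
        return 0;
    if (len > n->node_size - off)        /* subtraction cannot wrap: off < node_size */
        return n->node_size - off;
    return len;
}

/* Maps an on-disk (offset, length) pair to a page index inside the node.
 * Returns 0 on success, -1 when the record must not be dereferenced. */
static int model_locate_bitmap(const struct model_node *n, uint16_t rec_off,
                               uint16_t rec_len, size_t *page_idx,
                               uint32_t *page_off, uint32_t *usable_len)
{
    uint32_t len = model_clamp_len(n, rec_off, rec_len);
    if (len == 0)
        return -1;                       /* invalid offset or empty record */
    *page_idx = rec_off / MODEL_PAGE_SIZE;   /* always < node_size / page size */
    *page_off = rec_off % MODEL_PAGE_SIZE;
    *usable_len = len;
    return 0;
}

int main(void)
{
    struct model_node n = { .node_size = 8192 };  /* constructed: 2-page node */
    size_t pg; uint32_t po, ul;
    /* Constructed corrupt record: offset past the end of the node. */
    printf("off=9000 -> %d\n", model_locate_bitmap(&n, 9000, 64, &pg, &po, &ul));
    if (model_locate_bitmap(&n, 8000, 1000, &pg, &po, &ul) == 0)
        printf("off=8000 len=1000 -> page %zu, in-page %u, len %u\n", pg, po, ul);
    return 0;
}
```

Without the first check, the constructed offset 9000 would map to page index 2 of a two-page node, which is the out-of-range page access the description refers to.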
Exploit
Fix
Out of bounds Read
Affected Products
Linuxmint
Linux Kernel
Ubuntu