PT-2025-51567 · Linux+2 · Linux Kernel+2

Published 2025-08-31 · Updated 2026-05-07 · CVE-2025-40351

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc6-dirty #17

Description: The Linux kernel contains a flaw in the HFS+ file system implementation. Specifically, a kernel memory safety issue (KMSAN) exists due to an uninitialized value in the hfsplus_delete_cat() function. This issue can lead to a kernel panic, as reported by the syzbot testing framework. The issue is related to memory allocation and handling within the HFS+ file system, potentially triggered during directory removal operations. The call trace indicates involvement of functions such as hfsplus_subfolders_dec, hfsplus_rmdir, vfs_rmdir, and do_rmdir. The root cause appears to be related to uninitialized memory being used in the hfsplus_subfolders_inc function, which is called during the creation of catalog entries.

Recommendations: Update to a newer version of the Linux kernel that addresses this issue.

Weakness Enumeration: Improper Resource Release

Related Identifiers

BDU:2026-01340
CVE-2025-40351
OESA-2026-1759
OESA-2026-1760
OESA-2026-1761
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu