Out-of-bounds read in Linux kernel hfs
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-37782 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU108254
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37782
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfs_bnode_read_key() function in fs/hfsplus/bnode.c, within the hfs_bnode_read_key() function in fs/hfs/bnode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.10 - 5.10.236
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.3:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0296f9733543c7c8e666e69da743cfffd32dd805
https://git.kernel.org/stable/c/8060afd77761eac2048db12fb0510d76ce0cf1f3
https://git.kernel.org/stable/c/84e8719c087e68c967975b78e67be54f697c957f
https://git.kernel.org/stable/c/9c93fb4ad8d3b730afe1a09949ebbea64d4f60eb
https://git.kernel.org/stable/c/9f77aa584a659b21211a794e53522e6fb16d4a16
https://git.kernel.org/stable/c/a33c035df01d1e008874607da74bf7cf45152f47
https://git.kernel.org/stable/c/bb5e07cb927724e0b47be371fa081141cfb14414
https://git.kernel.org/stable/c/f6651c04191d49907d40f0891bbe51ef9703c792
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.237
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
