SB2025090465 - Out-of-bounds read in Linux kernel hfsplus
Published: September 4, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-38713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the hfsplus_uni2asc() function in fs/hfsplus/unicode.c. A local user can trigger it to cause a denial of service (DoS).
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5
- https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01
- https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0
- https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9
- https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f
- https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5
- https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b
- https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557
- https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee