SB2025103116 - Out-of-bounds read in Linux kernel hfsplus
Published: October 31, 2025
Security Bulletin ID
SB2025103116
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-40088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/42520df65bf67189541a425f7d36b0b3e7bd7844
- https://git.kernel.org/stable/c/4bc081ba6c52b0c88c92701e3fbc33c7e2277afb
- https://git.kernel.org/stable/c/4f5ab4a9c6abd8b0d713cc2b7b041bc10d70f241
- https://git.kernel.org/stable/c/586c75dfd1d265c4150f6529debb85c9d62e101f
- https://git.kernel.org/stable/c/603158d4efa98a13a746bd586c20f194f4a31ec8
- https://git.kernel.org/stable/c/7ab44236b32ed41eb0636797e8e8e885a2f3b18a
- https://git.kernel.org/stable/c/b47a75b6f762321f9eb6f31aab7bce47a37063b7
- https://git.kernel.org/stable/c/ef250c3edd995d7bb5a5e5122ffad1c28a8686eb