SB2025120457 - Use-after-free in Linux kernel hfs
Published: December 4, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-40243)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfs_mdb_get() function in fs/hfs/mdb.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2048ec5b98dbdfe0b929d2e42dc7a54c389c53dd
- https://git.kernel.org/stable/c/2a112cdd66f5a132da5235ca31a320528c86bf33
- https://git.kernel.org/stable/c/3b447fd401824e1ccf0b769188edefe866a1e676
- https://git.kernel.org/stable/c/502fa92a71f344611101bd04ef1a595b8b6014f5
- https://git.kernel.org/stable/c/bf1683078fbdd09a7f7f9b74121ebaa03432bd00
- https://git.kernel.org/stable/c/cfafefcb0e1fc60135f7040f4aed0a4aef4f76ca
- https://git.kernel.org/stable/c/e148ed5cda8fd96d4620c4622fb02f552a2d166a
- https://git.kernel.org/stable/c/fc56548fca732f3d3692c83b40db796259a03887