#VU114810 Out-of-bounds read in Linux kernel - CVE-2025-38713
Published: September 4, 2025
Vulnerability identifier: #VU114810
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38713
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_uni2asc() function in fs/hfsplus/unicode.c.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5
- https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01
- https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0
- https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9
- https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f
- https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5
- https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b
- https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557
- https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee