#VU117848 Out-of-bounds read in Linux kernel - CVE-2025-40088
Published: October 31, 2025
Vulnerability identifier: #VU117848
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40088
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/42520df65bf67189541a425f7d36b0b3e7bd7844
- https://git.kernel.org/stable/c/4bc081ba6c52b0c88c92701e3fbc33c7e2277afb
- https://git.kernel.org/stable/c/4f5ab4a9c6abd8b0d713cc2b7b041bc10d70f241
- https://git.kernel.org/stable/c/586c75dfd1d265c4150f6529debb85c9d62e101f
- https://git.kernel.org/stable/c/603158d4efa98a13a746bd586c20f194f4a31ec8
- https://git.kernel.org/stable/c/7ab44236b32ed41eb0636797e8e8e885a2f3b18a
- https://git.kernel.org/stable/c/b47a75b6f762321f9eb6f31aab7bce47a37063b7
- https://git.kernel.org/stable/c/ef250c3edd995d7bb5a5e5122ffad1c28a8686eb