CVE-2025-40244 - Vulnerability Details

- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()

Description

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()

The syzbot reported issue in __hfsplus_ext_cache_extent():

[ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990
[ 70.195022][ T9350] __hfsplus_ext_cache_extent+0x7d0/0x990
[ 70.195530][ T9350] hfsplus_file_extend+0x74f/0x1cf0
[ 70.195998][ T9350] hfsplus_get_block+0xe16/0x17b0
[ 70.196458][ T9350] __block_write_begin_int+0x962/0x2ce0
[ 70.196959][ T9350] cont_write_begin+0x1000/0x1950
[ 70.197416][ T9350] hfsplus_write_begin+0x85/0x130
[ 70.197873][ T9350] generic_perform_write+0x3e8/0x1060
[ 70.198374][ T9350] __generic_file_write_iter+0x215/0x460
[ 70.198892][ T9350] generic_file_write_iter+0x109/0x5e0
[ 70.199393][ T9350] vfs_write+0xb0f/0x14e0
[ 70.199771][ T9350] ksys_write+0x23e/0x490
[ 70.200149][ T9350] __x64_sys_write+0x97/0xf0
[ 70.200570][ T9350] x64_sys_call+0x3015/0x3cf0
[ 70.201065][ T9350] do_syscall_64+0xd9/0x1d0
[ 70.201506][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.202054][ T9350]
[ 70.202279][ T9350] Uninit was created at:
[ 70.202693][ T9350] __kmalloc_noprof+0x621/0xf80
[ 70.203149][ T9350] hfsplus_find_init+0x8d/0x1d0
[ 70.203602][ T9350] hfsplus_file_extend+0x6ca/0x1cf0
[ 70.204087][ T9350] hfsplus_get_block+0xe16/0x17b0
[ 70.204561][ T9350] __block_write_begin_int+0x962/0x2ce0
[ 70.205074][ T9350] cont_write_begin+0x1000/0x1950
[ 70.205547][ T9350] hfsplus_write_begin+0x85/0x130
[ 70.206017][ T9350] generic_perform_write+0x3e8/0x1060
[ 70.206519][ T9350] __generic_file_write_iter+0x215/0x460
[ 70.207042][ T9350] generic_file_write_iter+0x109/0x5e0
[ 70.207552][ T9350] vfs_write+0xb0f/0x14e0
[ 70.207961][ T9350] ksys_write+0x23e/0x490
[ 70.208375][ T9350] __x64_sys_write+0x97/0xf0
[ 70.208810][ T9350] x64_sys_call+0x3015/0x3cf0
[ 70.209255][ T9350] do_syscall_64+0xd9/0x1d0
[ 70.209680][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.210230][ T9350]
[ 70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5
[ 70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 70.212115][ T9350] =====================================================
[ 70.212734][ T9350] Disabling lock debugging due to kernel taint
[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ...
[ 70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G B 6.12.0-rc5 #5
[ 70.214679][ T9350] Tainted: [B]=BAD_PAGE
[ 70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 70.215999][ T9350] Call Trace:
[ 70.216309][ T9350] <TASK>
[ 70.216585][ T9350] dump_stack_lvl+0x1fd/0x2b0
[ 70.217025][ T9350] dump_stack+0x1e/0x30
[ 70.217421][ T9350] panic+0x502/0xca0
[ 70.217803][ T9350] ? kmsan_get_metadata+0x13e/0x1c0

[ 70.218294][ Message fromT sy9350] kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ...
kernel
:[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [ 70.220179][ T9350] ? kmsan_get_metadata+0x13e/0x1c0
set ...
[ 70.221254][ T9350] ? __msan_warning+0x96/0x120
[ 70.222066][ T9350] ? __hfsplus_ext_cache_extent+0x7d0/0x990
[ 70.223023][ T9350] ? hfsplus_file_extend+0x74f/0x1cf0
[ 70.224120][ T9350] ? hfsplus_get_block+0xe16/0x17b0
[ 70.224946][ T9350] ? __block_write_begin_int+0x962/0x2ce0
[ 70.225756][ T9350] ? cont_write_begin+0x1000/0x1950
[ 70.226337][ T9350] ? hfsplus_write_begin+0x85/0x130
[ 70.226852][ T9350] ? generic_perform_write+0x3e8/0x1060
[ 70.227405][ T9350] ? __generic_file_write_iter+0x215/0x460
[ 70.227979][ T9350] ? generic_file_write_iter+0x109/0x5e0
[ 70.228540][ T9350] ? vfs_write+0xb0f/0x14e0
[ 70.228997][ T9350] ? ksys_write+0x23e/0x490
---truncated---

Published: 2025-12-04

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< c1ec90bed504640a42bb20a5f413be39cd17ad71
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b8a72692aa42b7dcd179a96b90bc2763ac74576a
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< c135b8dca65526aa5b8814e9954e0ae317d9c598
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d7e313039a8f3a6ee072dc5ff4643234d2d735cf
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< a5bfb13b4f406aef1a450f99d22d3e48df01528c
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 99202d94909d323a30d154ab0261c0a07166daec
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 14c673a2f3ecf650b694a52a88688f1d71849899
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 4840ceadef4290c56cc422f0fc697655f3cbf070

Linux

affected

Version	Status	Constraints
`2.6.12`	affected	—
`0`	unaffected	< 2.6.12
`5.4.301`	unaffected	≤ 5.4.*
`5.10.246`	unaffected	≤ 5.10.*
`5.15.196`	unaffected	≤ 5.15.*
`6.1.158`	unaffected	≤ 6.1.*
`6.6.115`	unaffected	≤ 6.6.*
`6.12.56`	unaffected	≤ 6.12.*
`6.17.6`	unaffected	≤ 6.17.*
`6.18`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4404-1	linux security update
Ubuntu USN	USN-8029-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8030-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8033-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-3	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8034-1	Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN	USN-8033-4	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-8029-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8034-2	Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN	USN-8048-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-8033-6	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8033-7	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-8	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-8029-3	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8095-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8095-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8100-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8095-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8095-4	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-8125-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8126-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8095-5	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8141-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8163-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8165-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8163-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8243-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8261-1	Linux kernel (Xilinx) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/14c673a2f3ecf650b694a52a88688f1d71849899
https://git.kernel.org/stable/c/4840ceadef4290c56cc422f0fc697655f3cbf070
https://git.kernel.org/stable/c/99202d94909d323a30d154ab0261c0a07166daec
https://git.kernel.org/stable/c/a5bfb13b4f406aef1a450f99d22d3e48df01528c
https://git.kernel.org/stable/c/b8a72692aa42b7dcd179a96b90bc2763ac74576a
https://git.kernel.org/stable/c/c135b8dca65526aa5b8814e9954e0ae317d9c598
https://git.kernel.org/stable/c/c1ec90bed504640a42bb20a5f413be39cd17ad71
https://git.kernel.org/stable/c/d7e313039a8f3a6ee072dc5ff4643234d2d735cf
https://lore.kernel.org/linux-cve-announce/2025120404-CVE-2025-40244-941b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-40244
https://www.cve.org/CVERecord?id=CVE-2025-40244

History

Sat, 06 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025120404-CVE-2025-40244-941b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-40244 https://www.cve.org/CVERecord?id=CVE-2025-40244
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Thu, 04 Dec 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() The syzbot reported issue in __hfsplus_ext_cache_extent(): [ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.195022][ T9350] __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.195530][ T9350] hfsplus_file_extend+0x74f/0x1cf0 [ 70.195998][ T9350] hfsplus_get_block+0xe16/0x17b0 [ 70.196458][ T9350] __block_write_begin_int+0x962/0x2ce0 [ 70.196959][ T9350] cont_write_begin+0x1000/0x1950 [ 70.197416][ T9350] hfsplus_write_begin+0x85/0x130 [ 70.197873][ T9350] generic_perform_write+0x3e8/0x1060 [ 70.198374][ T9350] __generic_file_write_iter+0x215/0x460 [ 70.198892][ T9350] generic_file_write_iter+0x109/0x5e0 [ 70.199393][ T9350] vfs_write+0xb0f/0x14e0 [ 70.199771][ T9350] ksys_write+0x23e/0x490 [ 70.200149][ T9350] __x64_sys_write+0x97/0xf0 [ 70.200570][ T9350] x64_sys_call+0x3015/0x3cf0 [ 70.201065][ T9350] do_syscall_64+0xd9/0x1d0 [ 70.201506][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.202054][ T9350] [ 70.202279][ T9350] Uninit was created at: [ 70.202693][ T9350] __kmalloc_noprof+0x621/0xf80 [ 70.203149][ T9350] hfsplus_find_init+0x8d/0x1d0 [ 70.203602][ T9350] hfsplus_file_extend+0x6ca/0x1cf0 [ 70.204087][ T9350] hfsplus_get_block+0xe16/0x17b0 [ 70.204561][ T9350] __block_write_begin_int+0x962/0x2ce0 [ 70.205074][ T9350] cont_write_begin+0x1000/0x1950 [ 70.205547][ T9350] hfsplus_write_begin+0x85/0x130 [ 70.206017][ T9350] generic_perform_write+0x3e8/0x1060 [ 70.206519][ T9350] __generic_file_write_iter+0x215/0x460 [ 70.207042][ T9350] generic_file_write_iter+0x109/0x5e0 [ 70.207552][ T9350] vfs_write+0xb0f/0x14e0 [ 70.207961][ T9350] ksys_write+0x23e/0x490 [ 70.208375][ T9350] __x64_sys_write+0x97/0xf0 [ 70.208810][ T9350] x64_sys_call+0x3015/0x3cf0 [ 70.209255][ T9350] do_syscall_64+0xd9/0x1d0 [ 70.209680][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.210230][ T9350] [ 70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5 [ 70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.212115][ T9350] ===================================================== [ 70.212734][ T9350] Disabling lock debugging due to kernel taint [ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ... [ 70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G B 6.12.0-rc5 #5 [ 70.214679][ T9350] Tainted: [B]=BAD_PAGE [ 70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.215999][ T9350] Call Trace: [ 70.216309][ T9350] <TASK> [ 70.216585][ T9350] dump_stack_lvl+0x1fd/0x2b0 [ 70.217025][ T9350] dump_stack+0x1e/0x30 [ 70.217421][ T9350] panic+0x502/0xca0 [ 70.217803][ T9350] ? kmsan_get_metadata+0x13e/0x1c0 [ 70.218294][ Message fromT sy9350] kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ... kernel :[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [ 70.220179][ T9350] ? kmsan_get_metadata+0x13e/0x1c0 set ... [ 70.221254][ T9350] ? __msan_warning+0x96/0x120 [ 70.222066][ T9350] ? __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.223023][ T9350] ? hfsplus_file_extend+0x74f/0x1cf0 [ 70.224120][ T9350] ? hfsplus_get_block+0xe16/0x17b0 [ 70.224946][ T9350] ? __block_write_begin_int+0x962/0x2ce0 [ 70.225756][ T9350] ? cont_write_begin+0x1000/0x1950 [ 70.226337][ T9350] ? hfsplus_write_begin+0x85/0x130 [ 70.226852][ T9350] ? generic_perform_write+0x3e8/0x1060 [ 70.227405][ T9350] ? __generic_file_write_iter+0x215/0x460 [ 70.227979][ T9350] ? generic_file_write_iter+0x109/0x5e0 [ 70.228540][ T9350] ? vfs_write+0xb0f/0x14e0 [ 70.228997][ T9350] ? ksys_write+0x23e/0x490 ---truncated---
Title		hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/14c673a2f3ecf650b694a52a88688f1d71849899 https://git.kernel.org/stable/c/4840ceadef4290c56cc422f0fc697655f3cbf070 https://git.kernel.org/stable/c/99202d94909d323a30d154ab0261c0a07166daec https://git.kernel.org/stable/c/a5bfb13b4f406aef1a450f99d22d3e48df01528c https://git.kernel.org/stable/c/b8a72692aa42b7dcd179a96b90bc2763ac74576a https://git.kernel.org/stable/c/c135b8dca65526aa5b8814e9954e0ae317d9c598 https://git.kernel.org/stable/c/c1ec90bed504640a42bb20a5f413be39cd17ad71 https://git.kernel.org/stable/c/d7e313039a8f3a6ee072dc5ff4643234d2d735cf

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-04T15:31:33.249Z

Updated: 2026-05-11T21:45:34.841Z

Reserved: 2025-04-16T07:20:57.181Z

Link: CVE-2025-40244

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-04T16:16:17.670

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-40244

Redhat

Severity : Moderate

Publid Date: 2025-12-04T00:00:00Z

Links: CVE-2025-40244 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object