CVE-2025-38712
BaseFortify
Publication date: 2025-09-04
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153-1 |
| linux | linux_kernel | 5.10.244-1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's hfsplus filesystem code. When the volume header contains incorrect values that do not match the actual filesystem state, the function hfsplus_fill_super() mistakenly assumes that the attributes file has not been created yet. This leads to a call to hfsplus_create_attributes_file(), which triggers a BUG_ON() condition, causing a kernel crash. The fix replaces this BUG_ON() with an error return (-EIO) and a message suggesting to run the fsck tool to repair the filesystem.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash (kernel panic) when mounting or accessing an hfsplus filesystem with a corrupted volume header. This can lead to system instability, potential data loss, or denial of service until the filesystem is repaired using fsck.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is related to the hfsplus filesystem in the Linux kernel where erroneous volume header values cause a BUG_ON() panic. The immediate mitigation step is to run the fsck tool on the affected filesystem to check and repair filesystem inconsistencies, as suggested by the error message replacing BUG_ON().