CVE-2025-71271
Memory Leak in Linux Kernel HFS+ Filesystem
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | hfsplus | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel related to hfsplus has been resolved by ensuring that sb->s_fs_info is always cleaned up properly. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix where sb->s_fs_info is freed in hfsplus_kill_super().
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's hfsplus filesystem implementation. When hfsplus was updated to use a new mount API, a bug was introduced in how the filesystem-specific data (sb->s_fs_info) was allocated and managed. Specifically, if the function setup_bdev_super() fails after a new superblock is allocated but before hfsplus_fill_super() takes ownership of the filesystem-specific data, the sb->s_fs_info data is leaked because it is not properly freed.
The fix involves ensuring that sb->s_fs_info is always cleaned up by freeing it in the hfsplus_kill_super() function to prevent this memory leak.
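The ownership gap described above, as an added userspace model that is not kernel code or part of the original advisory: the struct, the two teardown variants and the mount loop are hypothetical stand-ins, and the failing device setup is modelled by calling teardown directly before any fill step runs.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: simplified stand-ins, not the kernel's definitions. */
struct model_sb {
    void *s_fs_info;              /* filesystem-private data attached to the superblock */
};

/* Teardown before the fix (modelled): s_fs_info is not freed on this path. */
static void kill_super_before_fix(struct model_sb *sb)
{
    (void)sb;
}

/* Teardown after the fix (modelled): s_fs_info is always released here. */
static void kill_super_after_fix(struct model_sb *sb)
{
    free(sb->s_fs_info);
    sb->s_fs_info = NULL;
}

/* Simulate `attempts` mounts where device setup fails before the fill step
 * takes ownership. Returns how many s_fs_info buffers were still attached
 * after teardown, i.e. how many would have leaked. */
static int leaked_after_failed_mounts(int attempts,
                                      void (*kill_super)(struct model_sb *))
{
    int leaked = 0;
    for (int i = 0; i < attempts; i++) {
        struct model_sb sb = { .s_fs_info = calloc(1, 64) };
        if (!sb.s_fs_info)
            abort();
        kill_super(&sb);          /* the only cleanup that runs on this path */
        if (sb.s_fs_info) {       /* in the kernel nothing would free this now */
            leaked++;
            free(sb.s_fs_info);   /* harness cleanup so the demo itself stays clean */
        }
    }
    return leaked;
}

int main(void)
{
    printf("before fix: %d leaked\n", leaked_after_failed_mounts(1000, kill_super_before_fix));
    printf("after fix:  %d leaked\n", leaked_after_failed_mounts(1000, kill_super_after_fix));
    return 0;
}
```

Each failed attempt leaks one buffer in the pre-fix model, which is why repeated mount failures translate into steadily growing kernel memory use.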
How can this vulnerability impact me?
This vulnerability can lead to a memory leak in the Linux kernel when mounting hfsplus filesystems. Over time, repeated failures in mounting could cause increased memory consumption, potentially degrading system performance or leading to resource exhaustion.