CVE-2025-71271
Memory Leak in Linux Kernel HFS+ Filesystem
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | hfsplus | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's hfsplus filesystem implementation. When hfsplus was updated to use a new mount API, a bug was introduced in how the filesystem-specific data (sb->s_fs_info) was allocated and managed. Specifically, if the function setup_bdev_super() fails after a new superblock is allocated but before hfsplus_fill_super() takes ownership of the filesystem-specific data, the sb->s_fs_info data is leaked because it is not properly freed.
The fix involves ensuring that sb->s_fs_info is always cleaned up by freeing it in the hfsplus_kill_super() function to prevent this memory leak.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel when mounting hfsplus filesystems. Over time, repeated failures in mounting could cause increased memory consumption, potentially degrading system performance or leading to resource exhaustion.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel related to hfsplus has been resolved by ensuring that sb->s_fs_info is always cleaned up properly. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix where sb->s_fs_info is freed in hfsplus_kill_super().