github - ghsa-38x9-7hc9-22jf

GHSA-38X9-7HC9-22JF

Vulnerability from github – Published: 2025-12-04 18:30 – Updated: 2025-12-04 18:30

Details

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()

The syzbot reported issue in __hfsplus_ext_cache_extent():

[ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.195022][ T9350] __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.195530][ T9350] hfsplus_file_extend+0x74f/0x1cf0 [ 70.195998][ T9350] hfsplus_get_block+0xe16/0x17b0 [ 70.196458][ T9350] __block_write_begin_int+0x962/0x2ce0 [ 70.196959][ T9350] cont_write_begin+0x1000/0x1950 [ 70.197416][ T9350] hfsplus_write_begin+0x85/0x130 [ 70.197873][ T9350] generic_perform_write+0x3e8/0x1060 [ 70.198374][ T9350] __generic_file_write_iter+0x215/0x460 [ 70.198892][ T9350] generic_file_write_iter+0x109/0x5e0 [ 70.199393][ T9350] vfs_write+0xb0f/0x14e0 [ 70.199771][ T9350] ksys_write+0x23e/0x490 [ 70.200149][ T9350] __x64_sys_write+0x97/0xf0 [ 70.200570][ T9350] x64_sys_call+0x3015/0x3cf0 [ 70.201065][ T9350] do_syscall_64+0xd9/0x1d0 [ 70.201506][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.202054][ T9350] [ 70.202279][ T9350] Uninit was created at: [ 70.202693][ T9350] __kmalloc_noprof+0x621/0xf80 [ 70.203149][ T9350] hfsplus_find_init+0x8d/0x1d0 [ 70.203602][ T9350] hfsplus_file_extend+0x6ca/0x1cf0 [ 70.204087][ T9350] hfsplus_get_block+0xe16/0x17b0 [ 70.204561][ T9350] __block_write_begin_int+0x962/0x2ce0 [ 70.205074][ T9350] cont_write_begin+0x1000/0x1950 [ 70.205547][ T9350] hfsplus_write_begin+0x85/0x130 [ 70.206017][ T9350] generic_perform_write+0x3e8/0x1060 [ 70.206519][ T9350] __generic_file_write_iter+0x215/0x460 [ 70.207042][ T9350] generic_file_write_iter+0x109/0x5e0 [ 70.207552][ T9350] vfs_write+0xb0f/0x14e0 [ 70.207961][ T9350] ksys_write+0x23e/0x490 [ 70.208375][ T9350] __x64_sys_write+0x97/0xf0 [ 70.208810][ T9350] x64_sys_call+0x3015/0x3cf0 [ 70.209255][ T9350] do_syscall_64+0xd9/0x1d0 [ 70.209680][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.210230][ T9350] [ 70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5 [ 70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.212115][ T9350] ===================================================== [ 70.212734][ T9350] Disabling lock debugging due to kernel taint [ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ... [ 70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G B 6.12.0-rc5 #5 [ 70.214679][ T9350] Tainted: [B]=BAD_PAGE [ 70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.215999][ T9350] Call Trace: [ 70.216309][ T9350] [ 70.216585][ T9350] dump_stack_lvl+0x1fd/0x2b0 [ 70.217025][ T9350] dump_stack+0x1e/0x30 [ 70.217421][ T9350] panic+0x502/0xca0 [ 70.217803][ T9350] ? kmsan_get_metadata+0x13e/0x1c0

[ 70.218294][ Message fromT sy9350] kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ... kernel :[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [ 70.220179][ T9350] ? kmsan_get_metadata+0x13e/0x1c0 set ... [ 70.221254][ T9350] ? __msan_warning+0x96/0x120 [ 70.222066][ T9350] ? __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.223023][ T9350] ? hfsplus_file_extend+0x74f/0x1cf0 [ 70.224120][ T9350] ? hfsplus_get_block+0xe16/0x17b0 [ 70.224946][ T9350] ? __block_write_begin_int+0x962/0x2ce0 [ 70.225756][ T9350] ? cont_write_begin+0x1000/0x1950 [ 70.226337][ T9350] ? hfsplus_write_begin+0x85/0x130 [ 70.226852][ T9350] ? generic_perform_write+0x3e8/0x1060 [ 70.227405][ T9350] ? __generic_file_write_iter+0x215/0x460 [ 70.227979][ T9350] ? generic_file_write_iter+0x109/0x5e0 [ 70.228540][ T9350] ? vfs_write+0xb0f/0x14e0 [ 70.228997][ T9350] ? ksys_write+0x23e/0x490 ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40244"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-04T16:16:17Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()\n\nThe syzbot reported issue in __hfsplus_ext_cache_extent():\n\n[   70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.195022][ T9350]  __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.195530][ T9350]  hfsplus_file_extend+0x74f/0x1cf0\n[   70.195998][ T9350]  hfsplus_get_block+0xe16/0x17b0\n[   70.196458][ T9350]  __block_write_begin_int+0x962/0x2ce0\n[   70.196959][ T9350]  cont_write_begin+0x1000/0x1950\n[   70.197416][ T9350]  hfsplus_write_begin+0x85/0x130\n[   70.197873][ T9350]  generic_perform_write+0x3e8/0x1060\n[   70.198374][ T9350]  __generic_file_write_iter+0x215/0x460\n[   70.198892][ T9350]  generic_file_write_iter+0x109/0x5e0\n[   70.199393][ T9350]  vfs_write+0xb0f/0x14e0\n[   70.199771][ T9350]  ksys_write+0x23e/0x490\n[   70.200149][ T9350]  __x64_sys_write+0x97/0xf0\n[   70.200570][ T9350]  x64_sys_call+0x3015/0x3cf0\n[   70.201065][ T9350]  do_syscall_64+0xd9/0x1d0\n[   70.201506][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.202054][ T9350]\n[   70.202279][ T9350] Uninit was created at:\n[   70.202693][ T9350]  __kmalloc_noprof+0x621/0xf80\n[   70.203149][ T9350]  hfsplus_find_init+0x8d/0x1d0\n[   70.203602][ T9350]  hfsplus_file_extend+0x6ca/0x1cf0\n[   70.204087][ T9350]  hfsplus_get_block+0xe16/0x17b0\n[   70.204561][ T9350]  __block_write_begin_int+0x962/0x2ce0\n[   70.205074][ T9350]  cont_write_begin+0x1000/0x1950\n[   70.205547][ T9350]  hfsplus_write_begin+0x85/0x130\n[   70.206017][ T9350]  generic_perform_write+0x3e8/0x1060\n[   70.206519][ T9350]  __generic_file_write_iter+0x215/0x460\n[   70.207042][ T9350]  generic_file_write_iter+0x109/0x5e0\n[   70.207552][ T9350]  vfs_write+0xb0f/0x14e0\n[   70.207961][ T9350]  ksys_write+0x23e/0x490\n[   70.208375][ T9350]  __x64_sys_write+0x97/0xf0\n[   70.208810][ T9350]  x64_sys_call+0x3015/0x3cf0\n[   70.209255][ T9350]  do_syscall_64+0xd9/0x1d0\n[   70.209680][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.210230][ T9350]\n[   70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5\n[   70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.212115][ T9350] =====================================================\n[   70.212734][ T9350] Disabling lock debugging due to kernel taint\n[   70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ...\n[   70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G    B              6.12.0-rc5 #5\n[   70.214679][ T9350] Tainted: [B]=BAD_PAGE\n[   70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.215999][ T9350] Call Trace:\n[   70.216309][ T9350]  \u003cTASK\u003e\n[   70.216585][ T9350]  dump_stack_lvl+0x1fd/0x2b0\n[   70.217025][ T9350]  dump_stack+0x1e/0x30\n[   70.217421][ T9350]  panic+0x502/0xca0\n[   70.217803][ T9350]  ? kmsan_get_metadata+0x13e/0x1c0\n\n[   70.218294][ Message fromT sy9350]  kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ...\n kernel\n:[   70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [   70.220179][ T9350]  ? kmsan_get_metadata+0x13e/0x1c0\nset ...\n[   70.221254][ T9350]  ? __msan_warning+0x96/0x120\n[   70.222066][ T9350]  ? __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.223023][ T9350]  ? hfsplus_file_extend+0x74f/0x1cf0\n[   70.224120][ T9350]  ? hfsplus_get_block+0xe16/0x17b0\n[   70.224946][ T9350]  ? __block_write_begin_int+0x962/0x2ce0\n[   70.225756][ T9350]  ? cont_write_begin+0x1000/0x1950\n[   70.226337][ T9350]  ? hfsplus_write_begin+0x85/0x130\n[   70.226852][ T9350]  ? generic_perform_write+0x3e8/0x1060\n[   70.227405][ T9350]  ? __generic_file_write_iter+0x215/0x460\n[   70.227979][ T9350]  ? generic_file_write_iter+0x109/0x5e0\n[   70.228540][ T9350]  ? vfs_write+0xb0f/0x14e0\n[   70.228997][ T9350]  ? ksys_write+0x23e/0x490\n---truncated---",
  "id": "GHSA-38x9-7hc9-22jf",
  "modified": "2025-12-04T18:30:52Z",
  "published": "2025-12-04T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40244"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14c673a2f3ecf650b694a52a88688f1d71849899"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4840ceadef4290c56cc422f0fc697655f3cbf070"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99202d94909d323a30d154ab0261c0a07166daec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5bfb13b4f406aef1a450f99d22d3e48df01528c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8a72692aa42b7dcd179a96b90bc2763ac74576a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c135b8dca65526aa5b8814e9954e0ae317d9c598"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1ec90bed504640a42bb20a5f413be39cd17ad71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7e313039a8f3a6ee072dc5ff4643234d2d735cf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-40244 (GCVE-0-2025-40244)

Vulnerability from cvelistv5 – Published: 2025-12-04 15:31 – Updated: 2025-12-04 15:31

Summary

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() The syzbot reported issue in __hfsplus_ext_cache_extent(): [ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.195022][ T9350] __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.195530][ T9350] hfsplus_file_extend+0x74f/0x1cf0 [ 70.195998][ T9350] hfsplus_get_block+0xe16/0x17b0 [ 70.196458][ T9350] __block_write_begin_int+0x962/0x2ce0 [ 70.196959][ T9350] cont_write_begin+0x1000/0x1950 [ 70.197416][ T9350] hfsplus_write_begin+0x85/0x130 [ 70.197873][ T9350] generic_perform_write+0x3e8/0x1060 [ 70.198374][ T9350] __generic_file_write_iter+0x215/0x460 [ 70.198892][ T9350] generic_file_write_iter+0x109/0x5e0 [ 70.199393][ T9350] vfs_write+0xb0f/0x14e0 [ 70.199771][ T9350] ksys_write+0x23e/0x490 [ 70.200149][ T9350] __x64_sys_write+0x97/0xf0 [ 70.200570][ T9350] x64_sys_call+0x3015/0x3cf0 [ 70.201065][ T9350] do_syscall_64+0xd9/0x1d0 [ 70.201506][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.202054][ T9350] [ 70.202279][ T9350] Uninit was created at: [ 70.202693][ T9350] __kmalloc_noprof+0x621/0xf80 [ 70.203149][ T9350] hfsplus_find_init+0x8d/0x1d0 [ 70.203602][ T9350] hfsplus_file_extend+0x6ca/0x1cf0 [ 70.204087][ T9350] hfsplus_get_block+0xe16/0x17b0 [ 70.204561][ T9350] __block_write_begin_int+0x962/0x2ce0 [ 70.205074][ T9350] cont_write_begin+0x1000/0x1950 [ 70.205547][ T9350] hfsplus_write_begin+0x85/0x130 [ 70.206017][ T9350] generic_perform_write+0x3e8/0x1060 [ 70.206519][ T9350] __generic_file_write_iter+0x215/0x460 [ 70.207042][ T9350] generic_file_write_iter+0x109/0x5e0 [ 70.207552][ T9350] vfs_write+0xb0f/0x14e0 [ 70.207961][ T9350] ksys_write+0x23e/0x490 [ 70.208375][ T9350] __x64_sys_write+0x97/0xf0 [ 70.208810][ T9350] x64_sys_call+0x3015/0x3cf0 [ 70.209255][ T9350] do_syscall_64+0xd9/0x1d0 [ 70.209680][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.210230][ T9350] [ 70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5 [ 70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.212115][ T9350] ===================================================== [ 70.212734][ T9350] Disabling lock debugging due to kernel taint [ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ... [ 70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G B 6.12.0-rc5 #5 [ 70.214679][ T9350] Tainted: [B]=BAD_PAGE [ 70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.215999][ T9350] Call Trace: [ 70.216309][ T9350] <TASK> [ 70.216585][ T9350] dump_stack_lvl+0x1fd/0x2b0 [ 70.217025][ T9350] dump_stack+0x1e/0x30 [ 70.217421][ T9350] panic+0x502/0xca0 [ 70.217803][ T9350] ? kmsan_get_metadata+0x13e/0x1c0 [ 70.218294][ Message fromT sy9350] kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ... kernel :[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [ 70.220179][ T9350] ? kmsan_get_metadata+0x13e/0x1c0 set ... [ 70.221254][ T9350] ? __msan_warning+0x96/0x120 [ 70.222066][ T9350] ? __hfsplus_ext_cache_extent+0x7d0/0x990 [ 70.223023][ T9350] ? hfsplus_file_extend+0x74f/0x1cf0 [ 70.224120][ T9350] ? hfsplus_get_block+0xe16/0x17b0 [ 70.224946][ T9350] ? __block_write_begin_int+0x962/0x2ce0 [ 70.225756][ T9350] ? cont_write_begin+0x1000/0x1950 [ 70.226337][ T9350] ? hfsplus_write_begin+0x85/0x130 [ 70.226852][ T9350] ? generic_perform_write+0x3e8/0x1060 [ 70.227405][ T9350] ? __generic_file_write_iter+0x215/0x460 [ 70.227979][ T9350] ? generic_file_write_iter+0x109/0x5e0 [ 70.228540][ T9350] ? vfs_write+0xb0f/0x14e0 [ 70.228997][ T9350] ? ksys_write+0x23e/0x490 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c1ec90bed504640a4…
	https://git.kernel.org/stable/c/b8a72692aa42b7dcd…
	https://git.kernel.org/stable/c/c135b8dca65526aa5…
	https://git.kernel.org/stable/c/d7e313039a8f3a6ee…
	https://git.kernel.org/stable/c/a5bfb13b4f406aef1…
	https://git.kernel.org/stable/c/99202d94909d323a3…
	https://git.kernel.org/stable/c/14c673a2f3ecf650b…
	https://git.kernel.org/stable/c/4840ceadef4290c56…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c1ec90bed504640a42bb20a5f413be39cd17ad71 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b8a72692aa42b7dcd179a96b90bc2763ac74576a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c135b8dca65526aa5b8814e9954e0ae317d9c598 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d7e313039a8f3a6ee072dc5ff4643234d2d735cf (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a5bfb13b4f406aef1a450f99d22d3e48df01528c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 99202d94909d323a30d154ab0261c0a07166daec (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 14c673a2f3ecf650b694a52a88688f1d71849899 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4840ceadef4290c56cc422f0fc697655f3cbf070 (git)

Linux

Unaffected: 5.4.301 , ≤ 5.4.* (semver)
Unaffected: 5.10.246 , ≤ 5.10.* (semver)
Unaffected: 5.15.196 , ≤ 5.15.* (semver)
Unaffected: 6.1.158 , ≤ 6.1.* (semver)
Unaffected: 6.6.115 , ≤ 6.6.* (semver)
Unaffected: 6.12.56 , ≤ 6.12.* (semver)
Unaffected: 6.17.6 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/bfind.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c1ec90bed504640a42bb20a5f413be39cd17ad71",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b8a72692aa42b7dcd179a96b90bc2763ac74576a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c135b8dca65526aa5b8814e9954e0ae317d9c598",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d7e313039a8f3a6ee072dc5ff4643234d2d735cf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a5bfb13b4f406aef1a450f99d22d3e48df01528c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "99202d94909d323a30d154ab0261c0a07166daec",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "14c673a2f3ecf650b694a52a88688f1d71849899",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4840ceadef4290c56cc422f0fc697655f3cbf070",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/bfind.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.196",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.56",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.196",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.158",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.115",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.56",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()\n\nThe syzbot reported issue in __hfsplus_ext_cache_extent():\n\n[   70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.195022][ T9350]  __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.195530][ T9350]  hfsplus_file_extend+0x74f/0x1cf0\n[   70.195998][ T9350]  hfsplus_get_block+0xe16/0x17b0\n[   70.196458][ T9350]  __block_write_begin_int+0x962/0x2ce0\n[   70.196959][ T9350]  cont_write_begin+0x1000/0x1950\n[   70.197416][ T9350]  hfsplus_write_begin+0x85/0x130\n[   70.197873][ T9350]  generic_perform_write+0x3e8/0x1060\n[   70.198374][ T9350]  __generic_file_write_iter+0x215/0x460\n[   70.198892][ T9350]  generic_file_write_iter+0x109/0x5e0\n[   70.199393][ T9350]  vfs_write+0xb0f/0x14e0\n[   70.199771][ T9350]  ksys_write+0x23e/0x490\n[   70.200149][ T9350]  __x64_sys_write+0x97/0xf0\n[   70.200570][ T9350]  x64_sys_call+0x3015/0x3cf0\n[   70.201065][ T9350]  do_syscall_64+0xd9/0x1d0\n[   70.201506][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.202054][ T9350]\n[   70.202279][ T9350] Uninit was created at:\n[   70.202693][ T9350]  __kmalloc_noprof+0x621/0xf80\n[   70.203149][ T9350]  hfsplus_find_init+0x8d/0x1d0\n[   70.203602][ T9350]  hfsplus_file_extend+0x6ca/0x1cf0\n[   70.204087][ T9350]  hfsplus_get_block+0xe16/0x17b0\n[   70.204561][ T9350]  __block_write_begin_int+0x962/0x2ce0\n[   70.205074][ T9350]  cont_write_begin+0x1000/0x1950\n[   70.205547][ T9350]  hfsplus_write_begin+0x85/0x130\n[   70.206017][ T9350]  generic_perform_write+0x3e8/0x1060\n[   70.206519][ T9350]  __generic_file_write_iter+0x215/0x460\n[   70.207042][ T9350]  generic_file_write_iter+0x109/0x5e0\n[   70.207552][ T9350]  vfs_write+0xb0f/0x14e0\n[   70.207961][ T9350]  ksys_write+0x23e/0x490\n[   70.208375][ T9350]  __x64_sys_write+0x97/0xf0\n[   70.208810][ T9350]  x64_sys_call+0x3015/0x3cf0\n[   70.209255][ T9350]  do_syscall_64+0xd9/0x1d0\n[   70.209680][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.210230][ T9350]\n[   70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5\n[   70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.212115][ T9350] =====================================================\n[   70.212734][ T9350] Disabling lock debugging due to kernel taint\n[   70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ...\n[   70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G    B              6.12.0-rc5 #5\n[   70.214679][ T9350] Tainted: [B]=BAD_PAGE\n[   70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.215999][ T9350] Call Trace:\n[   70.216309][ T9350]  \u003cTASK\u003e\n[   70.216585][ T9350]  dump_stack_lvl+0x1fd/0x2b0\n[   70.217025][ T9350]  dump_stack+0x1e/0x30\n[   70.217421][ T9350]  panic+0x502/0xca0\n[   70.217803][ T9350]  ? kmsan_get_metadata+0x13e/0x1c0\n\n[   70.218294][ Message fromT sy9350]  kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ...\n kernel\n:[   70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [   70.220179][ T9350]  ? kmsan_get_metadata+0x13e/0x1c0\nset ...\n[   70.221254][ T9350]  ? __msan_warning+0x96/0x120\n[   70.222066][ T9350]  ? __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.223023][ T9350]  ? hfsplus_file_extend+0x74f/0x1cf0\n[   70.224120][ T9350]  ? hfsplus_get_block+0xe16/0x17b0\n[   70.224946][ T9350]  ? __block_write_begin_int+0x962/0x2ce0\n[   70.225756][ T9350]  ? cont_write_begin+0x1000/0x1950\n[   70.226337][ T9350]  ? hfsplus_write_begin+0x85/0x130\n[   70.226852][ T9350]  ? generic_perform_write+0x3e8/0x1060\n[   70.227405][ T9350]  ? __generic_file_write_iter+0x215/0x460\n[   70.227979][ T9350]  ? generic_file_write_iter+0x109/0x5e0\n[   70.228540][ T9350]  ? vfs_write+0xb0f/0x14e0\n[   70.228997][ T9350]  ? ksys_write+0x23e/0x490\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-04T15:31:33.249Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c1ec90bed504640a42bb20a5f413be39cd17ad71"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8a72692aa42b7dcd179a96b90bc2763ac74576a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c135b8dca65526aa5b8814e9954e0ae317d9c598"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7e313039a8f3a6ee072dc5ff4643234d2d735cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5bfb13b4f406aef1a450f99d22d3e48df01528c"
        },
        {
          "url": "https://git.kernel.org/stable/c/99202d94909d323a30d154ab0261c0a07166daec"
        },
        {
          "url": "https://git.kernel.org/stable/c/14c673a2f3ecf650b694a52a88688f1d71849899"
        },
        {
          "url": "https://git.kernel.org/stable/c/4840ceadef4290c56cc422f0fc697655f3cbf070"
        }
      ],
      "title": "hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40244",
    "datePublished": "2025-12-04T15:31:33.249Z",
    "dateReserved": "2025-04-16T07:20:57.181Z",
    "dateUpdated": "2025-12-04T15:31:33.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-38X9-7HC9-22JF

CVE-2025-40244 (GCVE-0-2025-40244)

Tags

Sightings

Nomenclature