Medium severity5.5NVD Advisory· Published Sep 4, 2025· Updated May 12, 2026

CVE-2025-38712

Description

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()

When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_create_attributes_file() is called. Replace this BUG_ON() with -EIO error with a message to suggest running fsck tool.

Affected products

Linux/Linuxv5
Range: 3.13

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlnvdMailing ListThird Party Advisory
lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlnvdMailing ListThird Party Advisory
cert-portal.siemens.com/productcert/html/ssa-032379.htmlnvd

News mentions

Siemens SIMATIC
CISA Alerts

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000