VYPR
High severity 7.1 · NVD Advisory · Published Sep 4, 2025 · Updated May 12, 2026

CVE-2025-38715

Description

In the Linux kernel, the following vulnerability has been resolved:

hfs: fix slab-out-of-bounds in hfs_bnode_read()

This patch introduces the is_bnode_offset_valid() method that checks the requested offset value. Also, it introduces the check_and_correct_requested_length() method that checks and corrects the requested length (if it is necessary). These methods are used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy(), and hfs_bnode_move() with the goal of preventing access outside of allocated memory and triggering a crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A slab-out-of-bounds vulnerability in the Linux kernel's HFS filesystem (hfs_bnode_read) allows out-of-bounds memory access; it is fixed by adding offset and length validation.

Vulnerability

Details

The Linux kernel's HFS filesystem implementation contains a slab-out-of-bounds vulnerability in the hfs_bnode_read() function. The issue arises because the function does not validate the offset and length parameters before accessing the bnode data buffer, potentially leading to reads beyond the allocated memory. The fix introduces two new helper functions: is_bnode_offset_valid() checks the requested offset, and check_and_correct_requested_length() ensures the length does not exceed the buffer boundaries.
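A user-space C model of the validate-offset-then-correct-length pattern described above, added here as an illustration and not the kernel's own code. The struct, the `model_*` and `demo_read` names, the zero-fill of the destination, and the 16-byte sample node are all constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a B-tree node; not the kernel's struct hfs_bnode. */
struct model_bnode {
    size_t node_size;              /* bytes actually allocated for the node */
    const unsigned char *data;
};

/* An offset is usable only if it falls strictly inside the node. */
static bool model_offset_valid(const struct model_bnode *n, size_t off)
{
    return off < n->node_size;
}

/* Number of bytes that can be accessed safely starting at off (0 if none). */
static size_t model_correct_length(const struct model_bnode *n,
                                   size_t off, size_t len)
{
    if (!model_offset_valid(n, off))
        return 0;
    size_t room = n->node_size - off;  /* cannot underflow: off < node_size */
    return len > room ? room : len;    /* avoids computing off + len, which could wrap */
}

/* Bounded read: copies only in-bounds bytes and returns how many were copied.
 * Zero-filling dst first is this example's choice, so a short or rejected
 * read never leaves stale bytes for the caller. dst must hold len bytes. */
size_t model_bnode_read(const struct model_bnode *n, void *dst,
                        size_t off, size_t len)
{
    memset(dst, 0, len);
    size_t ok = model_correct_length(n, off, len);
    if (ok)
        memcpy(dst, n->data + off, ok);
    return ok;
}

/* Constructed sample: a 16-byte "node" (15 letters plus the trailing NUL). */
static const unsigned char sample[16] = "ABCDEFGHIJKLMNO";

size_t demo_read(size_t off, size_t len, unsigned char *out)
{
    struct model_bnode n = { sizeof(sample), sample };
    return model_bnode_read(&n, out, off, len);
}
```

A request that starts inside the node but runs past its end is shortened to the bytes that exist, and a request whose offset is at or beyond the node size copies nothing.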

Exploitation

An attacker could exploit this vulnerability by mounting a specially crafted HFS filesystem image that triggers an out-of-bounds read when the kernel attempts to read a bnode with an invalid offset or length. The attack requires the ability to mount a malicious HFS filesystem, which typically necessitates local access or the ability to insert a storage device.

Impact

Successful exploitation could lead to a kernel crash (denial of service) or potentially information disclosure if the out-of-bounds read accesses sensitive kernel memory. The CVSS score of 7.1 (High) reflects the potential for significant impact.

Mitigation

The fix has been committed to the Linux kernel stable tree. Users should update to the latest kernel version containing the patch. This vulnerability is also listed in Siemens advisory SSA-032379 [1], which identifies affected Siemens products such as SIMATIC CN 4100.

References
  1. SSA-032379

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
