CVE-2025-38716
Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 04/09/2025
Last modified: 25/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

hfs: fix general protection fault in hfs_find_init()

The hfs_find_init() method can trigger the crash
if the tree pointer is NULL:

[ 45.746290][ T9787] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KAI
[ 45.747287][ T9787] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[ 45.748716][ T9787] CPU: 2 UID: 0 PID: 9787 Comm: repro Not tainted 6.16.0-rc3 #10 PREEMPT(full)
[ 45.750250][ T9787] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 45.751983][ T9787] RIP: 0010:hfs_find_init+0x86/0x230
[ 45.752834][ T9787] Code: c1 ea 03 80 3c 02 00 0f 85 9a 01 00 00 4c 8d 6b 40 48 c7 45 18 00 00 00 00 48 b8 00 00 00 00 00 fc
[ 45.755574][ T9787] RSP: 0018:ffffc90015157668 EFLAGS: 00010202
[ 45.756432][ T9787] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff819a4d09
[ 45.757457][ T9787] RDX: 0000000000000008 RSI: ffffffff819acd3a RDI: ffffc900151576e8
[ 45.758282][ T9787] RBP: ffffc900151576d0 R08: 0000000000000005 R09: 0000000000000000
[ 45.758943][ T9787] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000004
[ 45.759619][ T9787] R13: 0000000000000040 R14: ffff88802c50814a R15: 0000000000000000
[ 45.760293][ T9787] FS: 00007ffb72734540(0000) GS:ffff8880cec64000(0000) knlGS:0000000000000000
[ 45.761050][ T9787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.761606][ T9787] CR2: 00007f9bd8225000 CR3: 000000010979a000 CR4: 00000000000006f0
[ 45.762286][ T9787] Call Trace:
[ 45.762570][ T9787]
[ 45.762824][ T9787] hfs_ext_read_extent+0x190/0x9d0
[ 45.763269][ T9787] ? submit_bio_noacct_nocheck+0x2dd/0xce0
[ 45.763766][ T9787] ? __pfx_hfs_ext_read_extent+0x10/0x10
[ 45.764250][ T9787] hfs_get_block+0x55f/0x830
[ 45.764646][ T9787] block_read_full_folio+0x36d/0x850
[ 45.765105][ T9787] ? __pfx_hfs_get_block+0x10/0x10
[ 45.765541][ T9787] ? const_folio_flags+0x5b/0x100
[ 45.765972][ T9787] ? __pfx_hfs_read_folio+0x10/0x10
[ 45.766415][ T9787] filemap_read_folio+0xbe/0x290
[ 45.766840][ T9787] ? __pfx_filemap_read_folio+0x10/0x10
[ 45.767325][ T9787] ? __filemap_get_folio+0x32b/0xbf0
[ 45.767780][ T9787] do_read_cache_folio+0x263/0x5c0
[ 45.768223][ T9787] ? __pfx_hfs_read_folio+0x10/0x10
[ 45.768666][ T9787] read_cache_page+0x5b/0x160
[ 45.769070][ T9787] hfs_btree_open+0x491/0x1740
[ 45.769481][ T9787] hfs_mdb_get+0x15e2/0x1fb0
[ 45.769877][ T9787] ? __pfx_hfs_mdb_get+0x10/0x10
[ 45.770316][ T9787] ? find_held_lock+0x2b/0x80
[ 45.770731][ T9787] ? lockdep_init_map_type+0x5c/0x280
[ 45.771200][ T9787] ? lockdep_init_map_type+0x5c/0x280
[ 45.771674][ T9787] hfs_fill_super+0x38e/0x720
[ 45.772092][ T9787] ? __pfx_hfs_fill_super+0x10/0x10
[ 45.772549][ T9787] ? snprintf+0xbe/0x100
[ 45.772931][ T9787] ? __pfx_snprintf+0x10/0x10
[ 45.773350][ T9787] ? do_raw_spin_lock+0x129/0x2b0
[ 45.773796][ T9787] ? find_held_lock+0x2b/0x80
[ 45.774215][ T9787] ? set_blocksize+0x40a/0x510
[ 45.774636][ T9787] ? sb_set_blocksize+0x176/0x1d0
[ 45.775087][ T9787] ? setup_bdev_super+0x369/0x730
[ 45.775533][ T9787] get_tree_bdev_flags+0x384/0x620
[ 45.775985][ T9787] ? __pfx_hfs_fill_super+0x10/0x10
[ 45.776453][ T9787] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 45.776950][ T9787] ? bpf_lsm_capable+0x9/0x10
[ 45.777365][ T9787] ? security_capable+0x80/0x260
[ 45.777803][ T9787] vfs_get_tree+0x8e/0x340
[ 45.778203][ T9787] path_mount+0x13de/0x2010
[ 45.778604][ T9787] ? kmem_cache_free+0x2b0/0x4c0
[ 45.779052][ T9787] ? __pfx_path_mount+0x10/0x10
[ 45.779480][ T9787] ? getname_flags.part.0+0x1c5/0x550
[ 45.779954][ T9787] ? putname+0x154/0x1a0
[ 45.780335][ T9787] __x64_sys_mount+0x27b/0x300
[ 45.780758][ T9787] ? __pfx___x64_sys_mount+0x10/0x10
[ 45.781232][ T9787]
---truncated---
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.103 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.43 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.16 (including) | 6.16.2 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/4f032979b63ad52e08aadf0faeac34ed35133ec0
- https://git.kernel.org/stable/c/5d8b249527362e0ccafcaf76b3bec2a0d2aa1498
- https://git.kernel.org/stable/c/6e20e10064fdc43231636fca519c15c013a8e3d6
- https://git.kernel.org/stable/c/736a0516a16268995f4898eded49bfef077af709
- https://git.kernel.org/stable/c/b918c17a1934ac6309b0083f41d4e9d8fb3bb46c