cvelistv5 - cve-2025-38713

CVE-2025-38713 (GCVE-0-2025-38713)

Vulnerability from cvelistv5

Published

2025-09-04 15:33

Modified

2025-09-04 15:33

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc(): [ 667.121659][ T9805] ================================================================== [ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10 [ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805 [ 667.124578][ T9805] [ 667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full) [ 667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 667.124890][ T9805] Call Trace: [ 667.124893][ T9805] <TASK> [ 667.124896][ T9805] dump_stack_lvl+0x10e/0x1f0 [ 667.124911][ T9805] print_report+0xd0/0x660 [ 667.124920][ T9805] ? __virt_addr_valid+0x81/0x610 [ 667.124928][ T9805] ? __phys_addr+0xe8/0x180 [ 667.124934][ T9805] ? hfsplus_uni2asc+0x902/0xa10 [ 667.124942][ T9805] kasan_report+0xc6/0x100 [ 667.124950][ T9805] ? hfsplus_uni2asc+0x902/0xa10 [ 667.124959][ T9805] hfsplus_uni2asc+0x902/0xa10 [ 667.124966][ T9805] ? hfsplus_bnode_read+0x14b/0x360 [ 667.124974][ T9805] hfsplus_readdir+0x845/0xfc0 [ 667.124984][ T9805] ? __pfx_hfsplus_readdir+0x10/0x10 [ 667.124994][ T9805] ? stack_trace_save+0x8e/0xc0 [ 667.125008][ T9805] ? iterate_dir+0x18b/0xb20 [ 667.125015][ T9805] ? trace_lock_acquire+0x85/0xd0 [ 667.125022][ T9805] ? lock_acquire+0x30/0x80 [ 667.125029][ T9805] ? iterate_dir+0x18b/0xb20 [ 667.125037][ T9805] ? down_read_killable+0x1ed/0x4c0 [ 667.125044][ T9805] ? putname+0x154/0x1a0 [ 667.125051][ T9805] ? __pfx_down_read_killable+0x10/0x10 [ 667.125058][ T9805] ? apparmor_file_permission+0x239/0x3e0 [ 667.125069][ T9805] iterate_dir+0x296/0xb20 [ 667.125076][ T9805] __x64_sys_getdents64+0x13c/0x2c0 [ 667.125084][ T9805] ? __pfx___x64_sys_getdents64+0x10/0x10 [ 667.125091][ T9805] ? __x64_sys_openat+0x141/0x200 [ 667.125126][ T9805] ? __pfx_filldir64+0x10/0x10 [ 667.125134][ T9805] ? do_user_addr_fault+0x7fe/0x12f0 [ 667.125143][ T9805] do_syscall_64+0xc9/0x480 [ 667.125151][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9 [ 667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48 [ 667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9 [ 667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9 [ 667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004 [ 667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110 [ 667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260 [ 667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 667.125207][ T9805] </TASK> [ 667.125210][ T9805] [ 667.145632][ T9805] Allocated by task 9805: [ 667.145991][ T9805] kasan_save_stack+0x20/0x40 [ 667.146352][ T9805] kasan_save_track+0x14/0x30 [ 667.146717][ T9805] __kasan_kmalloc+0xaa/0xb0 [ 667.147065][ T9805] __kmalloc_noprof+0x205/0x550 [ 667.147448][ T9805] hfsplus_find_init+0x95/0x1f0 [ 667.147813][ T9805] hfsplus_readdir+0x220/0xfc0 [ 667.148174][ T9805] iterate_dir+0x296/0xb20 [ 667.148549][ T9805] __x64_sys_getdents64+0x13c/0x2c0 [ 667.148937][ T9805] do_syscall_64+0xc9/0x480 [ 667.149291][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.149809][ T9805] [ 667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000 [ 667.150030][ T9805] which belongs to the cache kmalloc-2k of size 2048 [ 667.151282][ T9805] The buggy address is located 0 bytes to the right of [ 667.151282][ T9805] allocated 1036-byte region [ffff88802592f000, ffff88802592f40c) [ 667.1 ---truncated---

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee

Impacted products

Vendor

Product

Version

▼

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/unicode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "73f7da507d787b489761a0fa280716f84fa32b2f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "76a4c6636a69d69409aa253b049b1be717a539c5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ccf0ad56a779e6704c0b27f555dec847f50c7557",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "13604b1d7e7b125fb428cddbec6b8d92baad25d5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "291bb5d931c6f3cd7227b913302a17be21cf53b0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1ca69007e52a73bd8b84b988b61b319816ca8b01",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "94458781aee6045bd3d0ad4b80b02886b9e2219b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/unicode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.43",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nThe hfsplus_readdir() method is capable to crash by calling\nhfsplus_uni2asc():\n\n[  667.121659][ T9805] ==================================================================\n[  667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10\n[  667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805\n[  667.124578][ T9805]\n[  667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full)\n[  667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  667.124890][ T9805] Call Trace:\n[  667.124893][ T9805]  \u003cTASK\u003e\n[  667.124896][ T9805]  dump_stack_lvl+0x10e/0x1f0\n[  667.124911][ T9805]  print_report+0xd0/0x660\n[  667.124920][ T9805]  ? __virt_addr_valid+0x81/0x610\n[  667.124928][ T9805]  ? __phys_addr+0xe8/0x180\n[  667.124934][ T9805]  ? hfsplus_uni2asc+0x902/0xa10\n[  667.124942][ T9805]  kasan_report+0xc6/0x100\n[  667.124950][ T9805]  ? hfsplus_uni2asc+0x902/0xa10\n[  667.124959][ T9805]  hfsplus_uni2asc+0x902/0xa10\n[  667.124966][ T9805]  ? hfsplus_bnode_read+0x14b/0x360\n[  667.124974][ T9805]  hfsplus_readdir+0x845/0xfc0\n[  667.124984][ T9805]  ? __pfx_hfsplus_readdir+0x10/0x10\n[  667.124994][ T9805]  ? stack_trace_save+0x8e/0xc0\n[  667.125008][ T9805]  ? iterate_dir+0x18b/0xb20\n[  667.125015][ T9805]  ? trace_lock_acquire+0x85/0xd0\n[  667.125022][ T9805]  ? lock_acquire+0x30/0x80\n[  667.125029][ T9805]  ? iterate_dir+0x18b/0xb20\n[  667.125037][ T9805]  ? down_read_killable+0x1ed/0x4c0\n[  667.125044][ T9805]  ? putname+0x154/0x1a0\n[  667.125051][ T9805]  ? __pfx_down_read_killable+0x10/0x10\n[  667.125058][ T9805]  ? apparmor_file_permission+0x239/0x3e0\n[  667.125069][ T9805]  iterate_dir+0x296/0xb20\n[  667.125076][ T9805]  __x64_sys_getdents64+0x13c/0x2c0\n[  667.125084][ T9805]  ? __pfx___x64_sys_getdents64+0x10/0x10\n[  667.125091][ T9805]  ? __x64_sys_openat+0x141/0x200\n[  667.125126][ T9805]  ? __pfx_filldir64+0x10/0x10\n[  667.125134][ T9805]  ? do_user_addr_fault+0x7fe/0x12f0\n[  667.125143][ T9805]  do_syscall_64+0xc9/0x480\n[  667.125151][ T9805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9\n[  667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48\n[  667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9\n[  667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9\n[  667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004\n[  667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110\n[  667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260\n[  667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[  667.125207][ T9805]  \u003c/TASK\u003e\n[  667.125210][ T9805]\n[  667.145632][ T9805] Allocated by task 9805:\n[  667.145991][ T9805]  kasan_save_stack+0x20/0x40\n[  667.146352][ T9805]  kasan_save_track+0x14/0x30\n[  667.146717][ T9805]  __kasan_kmalloc+0xaa/0xb0\n[  667.147065][ T9805]  __kmalloc_noprof+0x205/0x550\n[  667.147448][ T9805]  hfsplus_find_init+0x95/0x1f0\n[  667.147813][ T9805]  hfsplus_readdir+0x220/0xfc0\n[  667.148174][ T9805]  iterate_dir+0x296/0xb20\n[  667.148549][ T9805]  __x64_sys_getdents64+0x13c/0x2c0\n[  667.148937][ T9805]  do_syscall_64+0xc9/0x480\n[  667.149291][ T9805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  667.149809][ T9805]\n[  667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000\n[  667.150030][ T9805]  which belongs to the cache kmalloc-2k of size 2048\n[  667.151282][ T9805] The buggy address is located 0 bytes to the right of\n[  667.151282][ T9805]  allocated 1036-byte region [ffff88802592f000, ffff88802592f40c)\n[  667.1\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-04T15:33:03.464Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557"
        },
        {
          "url": "https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01"
        },
        {
          "url": "https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b"
        }
      ],
      "title": "hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38713",
    "datePublished": "2025-09-04T15:33:03.464Z",
    "dateReserved": "2025-04-16T04:51:24.033Z",
    "dateUpdated": "2025-09-04T15:33:03.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38713\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-04T16:15:40.657\",\"lastModified\":\"2025-09-05T17:47:24.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\\n\\nThe hfsplus_readdir() method is capable to crash by calling\\nhfsplus_uni2asc():\\n\\n[  667.121659][ T9805] ==================================================================\\n[  667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10\\n[  667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805\\n[  667.124578][ T9805]\\n[  667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full)\\n[  667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\\n[  667.124890][ T9805] Call Trace:\\n[  667.124893][ T9805]  \u003cTASK\u003e\\n[  667.124896][ T9805]  dump_stack_lvl+0x10e/0x1f0\\n[  667.124911][ T9805]  print_report+0xd0/0x660\\n[  667.124920][ T9805]  ? __virt_addr_valid+0x81/0x610\\n[  667.124928][ T9805]  ? __phys_addr+0xe8/0x180\\n[  667.124934][ T9805]  ? hfsplus_uni2asc+0x902/0xa10\\n[  667.124942][ T9805]  kasan_report+0xc6/0x100\\n[  667.124950][ T9805]  ? hfsplus_uni2asc+0x902/0xa10\\n[  667.124959][ T9805]  hfsplus_uni2asc+0x902/0xa10\\n[  667.124966][ T9805]  ? hfsplus_bnode_read+0x14b/0x360\\n[  667.124974][ T9805]  hfsplus_readdir+0x845/0xfc0\\n[  667.124984][ T9805]  ? __pfx_hfsplus_readdir+0x10/0x10\\n[  667.124994][ T9805]  ? stack_trace_save+0x8e/0xc0\\n[  667.125008][ T9805]  ? iterate_dir+0x18b/0xb20\\n[  667.125015][ T9805]  ? trace_lock_acquire+0x85/0xd0\\n[  667.125022][ T9805]  ? lock_acquire+0x30/0x80\\n[  667.125029][ T9805]  ? iterate_dir+0x18b/0xb20\\n[  667.125037][ T9805]  ? down_read_killable+0x1ed/0x4c0\\n[  667.125044][ T9805]  ? putname+0x154/0x1a0\\n[  667.125051][ T9805]  ? __pfx_down_read_killable+0x10/0x10\\n[  667.125058][ T9805]  ? apparmor_file_permission+0x239/0x3e0\\n[  667.125069][ T9805]  iterate_dir+0x296/0xb20\\n[  667.125076][ T9805]  __x64_sys_getdents64+0x13c/0x2c0\\n[  667.125084][ T9805]  ? __pfx___x64_sys_getdents64+0x10/0x10\\n[  667.125091][ T9805]  ? __x64_sys_openat+0x141/0x200\\n[  667.125126][ T9805]  ? __pfx_filldir64+0x10/0x10\\n[  667.125134][ T9805]  ? do_user_addr_fault+0x7fe/0x12f0\\n[  667.125143][ T9805]  do_syscall_64+0xc9/0x480\\n[  667.125151][ T9805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n[  667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9\\n[  667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48\\n[  667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9\\n[  667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9\\n[  667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004\\n[  667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110\\n[  667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260\\n[  667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\\n[  667.125207][ T9805]  \u003c/TASK\u003e\\n[  667.125210][ T9805]\\n[  667.145632][ T9805] Allocated by task 9805:\\n[  667.145991][ T9805]  kasan_save_stack+0x20/0x40\\n[  667.146352][ T9805]  kasan_save_track+0x14/0x30\\n[  667.146717][ T9805]  __kasan_kmalloc+0xaa/0xb0\\n[  667.147065][ T9805]  __kmalloc_noprof+0x205/0x550\\n[  667.147448][ T9805]  hfsplus_find_init+0x95/0x1f0\\n[  667.147813][ T9805]  hfsplus_readdir+0x220/0xfc0\\n[  667.148174][ T9805]  iterate_dir+0x296/0xb20\\n[  667.148549][ T9805]  __x64_sys_getdents64+0x13c/0x2c0\\n[  667.148937][ T9805]  do_syscall_64+0xc9/0x480\\n[  667.149291][ T9805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n[  667.149809][ T9805]\\n[  667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000\\n[  667.150030][ T9805]  which belongs to the cache kmalloc-2k of size 2048\\n[  667.151282][ T9805] The buggy address is located 0 bytes to the right of\\n[  667.151282][ T9805]  allocated 1036-byte region [ffff88802592f000, ffff88802592f40c)\\n[  667.1\\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

ghsa-f84m-84r4-h992

Vulnerability from github

Published

2025-09-05 18:31

Modified

2025-09-05 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc():

[ 667.121659][ T9805] ================================================================== [ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10 [ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805 [ 667.124578][ T9805] [ 667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full) [ 667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 667.124890][ T9805] Call Trace: [ 667.124893][ T9805] [ 667.124896][ T9805] dump_stack_lvl+0x10e/0x1f0 [ 667.124911][ T9805] print_report+0xd0/0x660 [ 667.124920][ T9805] ? __virt_addr_valid+0x81/0x610 [ 667.124928][ T9805] ? __phys_addr+0xe8/0x180 [ 667.124934][ T9805] ? hfsplus_uni2asc+0x902/0xa10 [ 667.124942][ T9805] kasan_report+0xc6/0x100 [ 667.124950][ T9805] ? hfsplus_uni2asc+0x902/0xa10 [ 667.124959][ T9805] hfsplus_uni2asc+0x902/0xa10 [ 667.124966][ T9805] ? hfsplus_bnode_read+0x14b/0x360 [ 667.124974][ T9805] hfsplus_readdir+0x845/0xfc0 [ 667.124984][ T9805] ? __pfx_hfsplus_readdir+0x10/0x10 [ 667.124994][ T9805] ? stack_trace_save+0x8e/0xc0 [ 667.125008][ T9805] ? iterate_dir+0x18b/0xb20 [ 667.125015][ T9805] ? trace_lock_acquire+0x85/0xd0 [ 667.125022][ T9805] ? lock_acquire+0x30/0x80 [ 667.125029][ T9805] ? iterate_dir+0x18b/0xb20 [ 667.125037][ T9805] ? down_read_killable+0x1ed/0x4c0 [ 667.125044][ T9805] ? putname+0x154/0x1a0 [ 667.125051][ T9805] ? __pfx_down_read_killable+0x10/0x10 [ 667.125058][ T9805] ? apparmor_file_permission+0x239/0x3e0 [ 667.125069][ T9805] iterate_dir+0x296/0xb20 [ 667.125076][ T9805] __x64_sys_getdents64+0x13c/0x2c0 [ 667.125084][ T9805] ? __pfxx64sys_getdents64+0x10/0x10 [ 667.125091][ T9805] ? x64_sys_openat+0x141/0x200 [ 667.125126][ T9805] ? __pfx_filldir64+0x10/0x10 [ 667.125134][ T9805] ? do_user_addr_fault+0x7fe/0x12f0 [ 667.125143][ T9805] do_syscall_64+0xc9/0x480 [ 667.125151][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9 [ 667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48 [ 667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9 [ 667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9 [ 667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004 [ 667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110 [ 667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260 [ 667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 667.125207][ T9805] [ 667.125210][ T9805] [ 667.145632][ T9805] Allocated by task 9805: [ 667.145991][ T9805] kasan_save_stack+0x20/0x40 [ 667.146352][ T9805] kasan_save_track+0x14/0x30 [ 667.146717][ T9805] __kasan_kmalloc+0xaa/0xb0 [ 667.147065][ T9805] __kmalloc_noprof+0x205/0x550 [ 667.147448][ T9805] hfsplus_find_init+0x95/0x1f0 [ 667.147813][ T9805] hfsplus_readdir+0x220/0xfc0 [ 667.148174][ T9805] iterate_dir+0x296/0xb20 [ 667.148549][ T9805] __x64_sys_getdents64+0x13c/0x2c0 [ 667.148937][ T9805] do_syscall_64+0xc9/0x480 [ 667.149291][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.149809][ T9805] [ 667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000 [ 667.150030][ T9805] which belongs to the cache kmalloc-2k of size 2048 [ 667.151282][ T9805] The buggy address is located 0 bytes to the right of [ 667.151282][ T9805] allocated 1036-byte region [ffff88802592f000, ffff88802592f40c) [ 667.1 ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38713"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T16:15:40Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nThe hfsplus_readdir() method is capable to crash by calling\nhfsplus_uni2asc():\n\n[  667.121659][ T9805] ==================================================================\n[  667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10\n[  667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805\n[  667.124578][ T9805]\n[  667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full)\n[  667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  667.124890][ T9805] Call Trace:\n[  667.124893][ T9805]  \u003cTASK\u003e\n[  667.124896][ T9805]  dump_stack_lvl+0x10e/0x1f0\n[  667.124911][ T9805]  print_report+0xd0/0x660\n[  667.124920][ T9805]  ? __virt_addr_valid+0x81/0x610\n[  667.124928][ T9805]  ? __phys_addr+0xe8/0x180\n[  667.124934][ T9805]  ? hfsplus_uni2asc+0x902/0xa10\n[  667.124942][ T9805]  kasan_report+0xc6/0x100\n[  667.124950][ T9805]  ? hfsplus_uni2asc+0x902/0xa10\n[  667.124959][ T9805]  hfsplus_uni2asc+0x902/0xa10\n[  667.124966][ T9805]  ? hfsplus_bnode_read+0x14b/0x360\n[  667.124974][ T9805]  hfsplus_readdir+0x845/0xfc0\n[  667.124984][ T9805]  ? __pfx_hfsplus_readdir+0x10/0x10\n[  667.124994][ T9805]  ? stack_trace_save+0x8e/0xc0\n[  667.125008][ T9805]  ? iterate_dir+0x18b/0xb20\n[  667.125015][ T9805]  ? trace_lock_acquire+0x85/0xd0\n[  667.125022][ T9805]  ? lock_acquire+0x30/0x80\n[  667.125029][ T9805]  ? iterate_dir+0x18b/0xb20\n[  667.125037][ T9805]  ? down_read_killable+0x1ed/0x4c0\n[  667.125044][ T9805]  ? putname+0x154/0x1a0\n[  667.125051][ T9805]  ? __pfx_down_read_killable+0x10/0x10\n[  667.125058][ T9805]  ? apparmor_file_permission+0x239/0x3e0\n[  667.125069][ T9805]  iterate_dir+0x296/0xb20\n[  667.125076][ T9805]  __x64_sys_getdents64+0x13c/0x2c0\n[  667.125084][ T9805]  ? __pfx___x64_sys_getdents64+0x10/0x10\n[  667.125091][ T9805]  ? __x64_sys_openat+0x141/0x200\n[  667.125126][ T9805]  ? __pfx_filldir64+0x10/0x10\n[  667.125134][ T9805]  ? do_user_addr_fault+0x7fe/0x12f0\n[  667.125143][ T9805]  do_syscall_64+0xc9/0x480\n[  667.125151][ T9805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9\n[  667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48\n[  667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9\n[  667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9\n[  667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004\n[  667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110\n[  667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260\n[  667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[  667.125207][ T9805]  \u003c/TASK\u003e\n[  667.125210][ T9805]\n[  667.145632][ T9805] Allocated by task 9805:\n[  667.145991][ T9805]  kasan_save_stack+0x20/0x40\n[  667.146352][ T9805]  kasan_save_track+0x14/0x30\n[  667.146717][ T9805]  __kasan_kmalloc+0xaa/0xb0\n[  667.147065][ T9805]  __kmalloc_noprof+0x205/0x550\n[  667.147448][ T9805]  hfsplus_find_init+0x95/0x1f0\n[  667.147813][ T9805]  hfsplus_readdir+0x220/0xfc0\n[  667.148174][ T9805]  iterate_dir+0x296/0xb20\n[  667.148549][ T9805]  __x64_sys_getdents64+0x13c/0x2c0\n[  667.148937][ T9805]  do_syscall_64+0xc9/0x480\n[  667.149291][ T9805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  667.149809][ T9805]\n[  667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000\n[  667.150030][ T9805]  which belongs to the cache kmalloc-2k of size 2048\n[  667.151282][ T9805] The buggy address is located 0 bytes to the right of\n[  667.151282][ T9805]  allocated 1036-byte region [ffff88802592f000, ffff88802592f40c)\n[  667.1\n---truncated---",
  "id": "GHSA-f84m-84r4-h992",
  "modified": "2025-09-05T18:31:17Z",
  "published": "2025-09-05T18:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38713"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

wid-sec-w-2025-1976

Vulnerability from csaf_certbund

Published

2025-09-04 22:00

Modified

2025-09-09 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1976 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1976.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1976 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1976"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38679",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090443-CVE-2025-38679-be66@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38680",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090445-CVE-2025-38680-cce6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38681",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38681-db66@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38682",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38682-a90a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38683",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38683-573c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38684",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38684-db4c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38685",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38685-d633@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38686",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38686-281b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38687",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38687-564a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38688",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38688-6e94@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38689",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38689-ac95@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38690",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090449-CVE-2025-38690-ea6c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38691",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090449-CVE-2025-38691-8a2e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38692",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38692-90f5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38693",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38693-aeb5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38694",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38694-056d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38695",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38695-f491@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38696",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38696-4ec2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38697",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38697-b37e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38698",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38698-e0e3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38699",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38699-9ca5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38700",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38700-0c1b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38701",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38701-691e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38702",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38702-0b09@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38703",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38703-2f5c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38704",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090454-CVE-2025-38704-4353@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38705",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090454-CVE-2025-38705-7cd6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38706",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38706-da55@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38707",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38707-5808@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38708",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38708-6792@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38709",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38709-f62c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38710",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38710-1b60@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38711",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38711-b653@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38712",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38712-6273@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38713",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38713-dc89@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38714",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38714-36f0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38715",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090458-CVE-2025-38715-8464@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38716",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090458-CVE-2025-38716-4971@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38717",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38717-fbf6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38718",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38718-5bb6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38719",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38719-16b4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38720",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38720-a45e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38721",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38721-e31a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38722",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38722-de5f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38723",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38723-18f0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38724",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38724-5309@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38725",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38725-eb3f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38726",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38726-e4a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38727",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38727-a22c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38728",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38728-191d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38729",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38729-ca88@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38730",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38730-f2e6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2025-09-09",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-09-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-10T05:06:40.011+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1976",
      "initial_release_date": "2025-09-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-09-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-09-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Produktzuordnung \u00fcberpr\u00fcft, CPE korrigiert"
        },
        {
          "date": "2025-09-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Linux Kernel \u003c6.6.96.2-1 on Linux 3.0",
                "product": {
                  "name": "Microsoft Azure Linux Kernel \u003c6.6.96.2-1 on Linux 3.0",
                  "product_id": "T046805"
                }
              },
              {
                "category": "product_version",
                "name": "Linux Kernel 6.6.96.2-1 on Linux 3.0",
                "product": {
                  "name": "Microsoft Azure Linux Kernel 6.6.96.2-1 on Linux 3.0",
                  "product_id": "T046805-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:linux_kernel__6.6.96.2-1_on_linux_3.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Azure"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "6368",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-38679",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38679"
    },
    {
      "cve": "CVE-2025-38680",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38680"
    },
    {
      "cve": "CVE-2025-38681",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38681"
    },
    {
      "cve": "CVE-2025-38682",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38682"
    },
    {
      "cve": "CVE-2025-38683",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38683"
    },
    {
      "cve": "CVE-2025-38684",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38684"
    },
    {
      "cve": "CVE-2025-38685",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38685"
    },
    {
      "cve": "CVE-2025-38686",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38686"
    },
    {
      "cve": "CVE-2025-38687",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38687"
    },
    {
      "cve": "CVE-2025-38688",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38688"
    },
    {
      "cve": "CVE-2025-38689",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38689"
    },
    {
      "cve": "CVE-2025-38690",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38690"
    },
    {
      "cve": "CVE-2025-38691",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38691"
    },
    {
      "cve": "CVE-2025-38692",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38692"
    },
    {
      "cve": "CVE-2025-38693",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38693"
    },
    {
      "cve": "CVE-2025-38694",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38694"
    },
    {
      "cve": "CVE-2025-38695",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38695"
    },
    {
      "cve": "CVE-2025-38696",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38696"
    },
    {
      "cve": "CVE-2025-38697",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38697"
    },
    {
      "cve": "CVE-2025-38698",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38698"
    },
    {
      "cve": "CVE-2025-38699",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38699"
    },
    {
      "cve": "CVE-2025-38700",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38700"
    },
    {
      "cve": "CVE-2025-38701",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38701"
    },
    {
      "cve": "CVE-2025-38702",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38702"
    },
    {
      "cve": "CVE-2025-38703",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38703"
    },
    {
      "cve": "CVE-2025-38704",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38704"
    },
    {
      "cve": "CVE-2025-38705",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38705"
    },
    {
      "cve": "CVE-2025-38706",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38706"
    },
    {
      "cve": "CVE-2025-38707",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38707"
    },
    {
      "cve": "CVE-2025-38708",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38708"
    },
    {
      "cve": "CVE-2025-38709",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38709"
    },
    {
      "cve": "CVE-2025-38710",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38710"
    },
    {
      "cve": "CVE-2025-38711",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38711"
    },
    {
      "cve": "CVE-2025-38712",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38712"
    },
    {
      "cve": "CVE-2025-38713",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38713"
    },
    {
      "cve": "CVE-2025-38714",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38714"
    },
    {
      "cve": "CVE-2025-38715",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38715"
    },
    {
      "cve": "CVE-2025-38716",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38716"
    },
    {
      "cve": "CVE-2025-38717",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38717"
    },
    {
      "cve": "CVE-2025-38718",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38718"
    },
    {
      "cve": "CVE-2025-38719",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38719"
    },
    {
      "cve": "CVE-2025-38720",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38720"
    },
    {
      "cve": "CVE-2025-38721",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38721"
    },
    {
      "cve": "CVE-2025-38722",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38722"
    },
    {
      "cve": "CVE-2025-38723",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38723"
    },
    {
      "cve": "CVE-2025-38724",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38724"
    },
    {
      "cve": "CVE-2025-38725",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38725"
    },
    {
      "cve": "CVE-2025-38726",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38726"
    },
    {
      "cve": "CVE-2025-38727",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38727"
    },
    {
      "cve": "CVE-2025-38728",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38728"
    },
    {
      "cve": "CVE-2025-38729",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38729"
    },
    {
      "cve": "CVE-2025-38730",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38730"
    }
  ]
}

fkie_cve-2025-38713

Vulnerability from fkie_nvd

Published

2025-09-04 16:15

Modified

2025-09-05 17:47

Severity ?

Summary

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nThe hfsplus_readdir() method is capable to crash by calling\nhfsplus_uni2asc():\n\n[  667.121659][ T9805] ==================================================================\n[  667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10\n[  667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805\n[  667.124578][ T9805]\n[  667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full)\n[  667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  667.124890][ T9805] Call Trace:\n[  667.124893][ T9805]  \u003cTASK\u003e\n[  667.124896][ T9805]  dump_stack_lvl+0x10e/0x1f0\n[  667.124911][ T9805]  print_report+0xd0/0x660\n[  667.124920][ T9805]  ? __virt_addr_valid+0x81/0x610\n[  667.124928][ T9805]  ? __phys_addr+0xe8/0x180\n[  667.124934][ T9805]  ? hfsplus_uni2asc+0x902/0xa10\n[  667.124942][ T9805]  kasan_report+0xc6/0x100\n[  667.124950][ T9805]  ? hfsplus_uni2asc+0x902/0xa10\n[  667.124959][ T9805]  hfsplus_uni2asc+0x902/0xa10\n[  667.124966][ T9805]  ? hfsplus_bnode_read+0x14b/0x360\n[  667.124974][ T9805]  hfsplus_readdir+0x845/0xfc0\n[  667.124984][ T9805]  ? __pfx_hfsplus_readdir+0x10/0x10\n[  667.124994][ T9805]  ? stack_trace_save+0x8e/0xc0\n[  667.125008][ T9805]  ? iterate_dir+0x18b/0xb20\n[  667.125015][ T9805]  ? trace_lock_acquire+0x85/0xd0\n[  667.125022][ T9805]  ? lock_acquire+0x30/0x80\n[  667.125029][ T9805]  ? iterate_dir+0x18b/0xb20\n[  667.125037][ T9805]  ? down_read_killable+0x1ed/0x4c0\n[  667.125044][ T9805]  ? putname+0x154/0x1a0\n[  667.125051][ T9805]  ? __pfx_down_read_killable+0x10/0x10\n[  667.125058][ T9805]  ? apparmor_file_permission+0x239/0x3e0\n[  667.125069][ T9805]  iterate_dir+0x296/0xb20\n[  667.125076][ T9805]  __x64_sys_getdents64+0x13c/0x2c0\n[  667.125084][ T9805]  ? __pfx___x64_sys_getdents64+0x10/0x10\n[  667.125091][ T9805]  ? __x64_sys_openat+0x141/0x200\n[  667.125126][ T9805]  ? __pfx_filldir64+0x10/0x10\n[  667.125134][ T9805]  ? do_user_addr_fault+0x7fe/0x12f0\n[  667.125143][ T9805]  do_syscall_64+0xc9/0x480\n[  667.125151][ T9805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9\n[  667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48\n[  667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9\n[  667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9\n[  667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004\n[  667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110\n[  667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260\n[  667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[  667.125207][ T9805]  \u003c/TASK\u003e\n[  667.125210][ T9805]\n[  667.145632][ T9805] Allocated by task 9805:\n[  667.145991][ T9805]  kasan_save_stack+0x20/0x40\n[  667.146352][ T9805]  kasan_save_track+0x14/0x30\n[  667.146717][ T9805]  __kasan_kmalloc+0xaa/0xb0\n[  667.147065][ T9805]  __kmalloc_noprof+0x205/0x550\n[  667.147448][ T9805]  hfsplus_find_init+0x95/0x1f0\n[  667.147813][ T9805]  hfsplus_readdir+0x220/0xfc0\n[  667.148174][ T9805]  iterate_dir+0x296/0xb20\n[  667.148549][ T9805]  __x64_sys_getdents64+0x13c/0x2c0\n[  667.148937][ T9805]  do_syscall_64+0xc9/0x480\n[  667.149291][ T9805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  667.149809][ T9805]\n[  667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000\n[  667.150030][ T9805]  which belongs to the cache kmalloc-2k of size 2048\n[  667.151282][ T9805] The buggy address is located 0 bytes to the right of\n[  667.151282][ T9805]  allocated 1036-byte region [ffff88802592f000, ffff88802592f40c)\n[  667.1\n---truncated---"
    }
  ],
  "id": "CVE-2025-38713",
  "lastModified": "2025-09-05T17:47:24.833",
  "metrics": {},
  "published": "2025-09-04T16:15:40.657",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-38713 (GCVE-0-2025-38713)

Vulnerability from cvelistv5

ghsa-f84m-84r4-h992

Vulnerability from github

wid-sec-w-2025-1976

Vulnerability from csaf_certbund

fkie_cve-2025-38713

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature