CVE-2025-38650
📋 TL;DR
A race condition vulnerability in the Linux kernel's HFS+ filesystem implementation where concurrent file operations can trigger a false warning about mutex locking, potentially causing system instability or denial of service. This affects systems using the HFS+ filesystem driver, primarily Linux servers and workstations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to triggered warnings disrupting normal operations, leading to denial of service.
Likely Case
System logs flooded with warning messages, potential performance degradation, and false positive alerts from monitoring systems.
If Mitigated
Minor logging noise with no functional impact if warnings are handled gracefully.
🎯 Exploit Status
Requires concurrent file operations on HFS+ filesystem by multiple processes/threads. Discovered through syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 0807e4ac59a5, 084933961ecd, 14922f0cc92e, 314310166ba1, 5055b7db9411
Vendor Advisory: https://git.kernel.org/stable/c/0807e4ac59a546f2346961c5e26a98901594b205
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid HFS+ filesystem usage
allDo not mount or use HFS+ filesystems until patched
umount /path/to/hfsplus_volume
Remove HFS+ entries from /etc/fstab
🧯 If You Can't Patch
- Monitor system logs for WARNING messages from hfsplus_free_extents
- Implement process controls to limit concurrent file operations on HFS+ volumes
🔍 How to Verify
Check if Vulnerable:
Check if HFS+ filesystem is mounted: mount | grep hfsplusCheck Version:
uname -rVerify Fix Applied:
Check kernel version is patched: uname -r and verify against distribution security advisories📡 Detection & Monitoring
Log Indicators:
- WARNING messages containing 'hfsplus_free_extents' in kernel logs (dmesg, /var/log/kern.log)
Network Indicators:
- None - local filesystem issue
SIEM Query:
source="kernel" AND "hfsplus_free_extents" AND "WARNING"🔗 References
- https://git.kernel.org/stable/c/0807e4ac59a546f2346961c5e26a98901594b205
- https://git.kernel.org/stable/c/084933961ecda7561dedfb78c4676ccb90c91ada
- https://git.kernel.org/stable/c/14922f0cc92e010b160121679c0a6ca072f4e975
- https://git.kernel.org/stable/c/314310166ba1fdff7660dfd9d18ea42d7058f7ae
- https://git.kernel.org/stable/c/5055b7db94110f228961dea6b74eed0a93a50b01
- https://git.kernel.org/stable/c/9764b8bb9f5f94df105cd2ac43829dd0d2c82b9f
- https://git.kernel.org/stable/c/a19ce9230b22a0866313932e7964cf05557a6008
- https://git.kernel.org/stable/c/fcb96956c921f1aae7e7b477f2435c56f77a31b4
- https://git.kernel.org/stable/c/fdd6aca652122d6e97787e88d7dd53ddc8b74e7e
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
