CVE-2025-38712

5.5 MEDIUM

📋 TL;DR

A vulnerability in the Linux kernel's HFS+ filesystem driver where erroneous volume header values cause the system to incorrectly assume the attributes file doesn't exist, leading to a kernel panic via BUG_ON() when attempting to create it. This affects systems using HFS+ filesystems, primarily Linux servers and workstations. The vulnerability can cause denial of service but doesn't allow arbitrary code execution.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable hfsplus driver code, before the patches were applied
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with HFS+ filesystem support compiled into kernel or loaded as module, and when mounting HFS+ volumes.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟠

Likely Case

System crash when mounting a corrupted HFS+ filesystem, requiring reboot to restore service.

🟢

If Mitigated

System returns -EIO error with suggestion to run fsck, preventing crash but causing mount failure.

🌐 Internet-Facing: LOW - Requires mounting HFS+ filesystems, which is uncommon for internet-facing services.
🏢 Internal Only: MEDIUM - Internal systems mounting HFS+ filesystems (e.g., from macOS backups or external drives) could experience crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to mount a specially crafted HFS+ filesystem with corrupted volume header. No remote exploitation vector identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 03cd1db1494cf930e2fa042c9c13e32bffdb4eba, 1bb8da27ff15e346d4bc9e248e819c9a88ebf9d6, 9046566fa692f88954dac8c510f37ee17a15fdb7, b3359392b75395a31af739a761f48f4041148226, bb0eea8e375677f586ad11c12e2525ed3fc698c2

Vendor Advisory: https://git.kernel.org/stable/c/03cd1db1494cf930e2fa042c9c13e32bffdb4eba

Restart Required: No

Instructions:

1. Update the Linux kernel to a patched version from your distribution.
2. For custom kernels: apply the relevant commits from the kernel git repository.
3. No reboot is required if using kernel live patching (kpatch/kgraft).

🔧 Temporary Workarounds

Disable HFS+ module

all

Prevent loading of hfsplus kernel module to eliminate attack surface

echo 'blacklist hfsplus' >> /etc/modprobe.d/blacklist.conf
rmmod hfsplus

Avoid mounting HFS+ filesystems

all

Do not mount HFS+ volumes from untrusted sources

🧯 If You Can't Patch

  • Ensure HFS+ filesystems are only mounted from trusted sources
  • Implement monitoring for kernel panic/crash events related to filesystem operations

🔍 How to Verify

Check if Vulnerable:

Check whether the hfsplus module is loaded (lsmod | grep hfsplus) and compare the running kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or test by attempting to mount a test HFS+ filesystem with corrupted header (not recommended in production)
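The module-state check behind the "Disable HFS+ module" workaround and the "Check if Vulnerable" step above, as an added example that is not part of this advisory. It classifies a host from lsmod output and /etc/modprobe.d contents; the function and state names are the example's own, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a host's HFS+ exposure from
# `lsmod` output and the contents of /etc/modprobe.d/*.conf. Taking the text as
# arguments lets the same logic run over captured data or a live system.
# States: loaded | disabled | blacklisted | not-loaded
hfsplus_state() {
    lsmod_text="$1"      # output of `lsmod`
    modprobe_text="$2"   # concatenated /etc/modprobe.d/*.conf

    # A loaded module is the exposed state, whatever modprobe.d says:
    # blacklisting does not unload it (hence the advisory's rmmod step).
    if printf '%s\n' "$lsmod_text" | grep -Eq '^hfsplus[[:space:]]'; then
        echo loaded; return 0
    fi
    # 'install hfsplus /bin/false' also blocks explicit modprobe requests
    if printf '%s\n' "$modprobe_text" \
        | grep -Eq '^[[:space:]]*install[[:space:]]+hfsplus[[:space:]]+/bin/(false|true)'; then
        echo disabled; return 0
    fi
    # 'blacklist' only stops automatic loading (e.g. on filesystem autodetection)
    if printf '%s\n' "$modprobe_text" \
        | grep -Eq '^[[:space:]]*blacklist[[:space:]]+hfsplus([[:space:]]|$)'; then
        echo blacklisted; return 0
    fi
    echo not-loaded
}

# Live check on the current host (lsmod or modprobe.d may be absent in a container)
hfsplus_live_check() {
    hfsplus_state "$(lsmod 2>/dev/null)" "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"
}

# Constructed sample data standing in for a host where the module was loaded
# before the blacklist line was written, so rmmod is still required.
SAMPLE_LSMOD='Module                  Size  Used by
hfsplus               131072  1
ext4                  937984  2'
SAMPLE_MODPROBE='# constructed /etc/modprobe.d/blacklist.conf
blacklist hfsplus'

hfsplus_state "$SAMPLE_LSMOD" "$SAMPLE_MODPROBE"   # prints: loaded
```

Run hfsplus_live_check on a real host; only "disabled" or "not-loaded" (with a patched kernel) means the mount path cannot reach the vulnerable code.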

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages containing 'BUG:' or 'hfsplus'
  • System crash/reboot events after mounting filesystems
  • Filesystem mount errors with HFS+ volumes

Network Indicators:

  • None - local filesystem vulnerability

SIEM Query:

event.source="kernel" AND (message:"BUG:" OR message:"hfsplus" OR message:"kernel panic")
