CVE-2025-38713
📋 TL;DR
This is a memory corruption vulnerability in the Linux kernel's HFS+ filesystem driver. A slab-out-of-bounds read in the hfsplus_uni2asc() function can be triggered via hfsplus_readdir(), potentially leading to kernel crashes or information disclosure. Systems using HFS+ filesystems with affected Linux kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, denial of service, or potential information disclosure of kernel memory contents.
Likely Case
System crash or kernel panic when reading directories on HFS+ filesystems, causing denial of service.
If Mitigated
Limited impact if HFS+ filesystems are not mounted or accessed.
🎯 Exploit Status
Exploitation requires ability to trigger hfsplus_readdir() on vulnerable HFS+ filesystems.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel commits provided in references (e.g., 13604b1d7e7b125fb428cddbec6b8d92baad25d5)
Vendor Advisory: https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable HFS+ module
linuxPrevent loading of HFS+ filesystem driver if not needed.
echo 'install hfsplus /bin/false' >> /etc/modprobe.d/disable-hfsplus.conf
rmmod hfsplus 2>/dev/null || true
Avoid HFS+ mounts
linuxDo not mount HFS+ filesystems until patched.
🧯 If You Can't Patch
- Restrict access to HFS+ filesystems to trusted users only
- Monitor for kernel panic/crash events related to HFS+ operations
🔍 How to Verify
Check if Vulnerable:
Check if HFS+ module is loaded: lsmod | grep hfsplus. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version. Test reading HFS+ directories if safe.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports of slab-out-of-bounds in hfsplus_uni2asc
- System crashes during directory operations
SIEM Query:
kernel:panic OR kernel:BUG: KASAN: slab-out-of-bounds AND hfsplus🔗 References
- https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5
- https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01
- https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0
- https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9
- https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f
- https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5
- https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b
- https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557
- https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
