CVE-2025-71230


📋 TL;DR

A memory leak vulnerability exists in the Linux kernel's HFS filesystem implementation where superblock filesystem information isn't properly cleaned up during mount failures. This affects Linux systems using HFS filesystems and could lead to resource exhaustion under specific conditions. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions after HFS was converted to new mount API (specific versions not provided in CVE, but likely recent kernels with HFS support)
Operating Systems: Linux distributions with HFS filesystem support
Default Config Vulnerable: ✅ No
Notes: Only affects systems where HFS filesystem support is compiled into the kernel or loaded as a module, and only triggers during specific mount failure scenarios.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Repeated triggering could exhaust kernel memory, potentially causing system instability or denial of service through kernel memory depletion.

🟠 Likely Case

Minor memory leak that accumulates slowly, unlikely to cause noticeable impact in most environments unless HFS mounts are repeatedly attempted and fail.

🟢 If Mitigated

Minimal impact, as memory would be reclaimed during normal system operation and the leak requires specific failure conditions.

🌐 Internet-Facing: LOW - Requires local filesystem access and specific mount failure conditions.
🏢 Internal Only: LOW - Requires local access and specific HFS mount failure scenarios.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires local access and ability to trigger HFS mount failures repeatedly. Not a typical security vulnerability but a resource leak.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel commits 399219831514126bc9541e8eadefe02c6fbd9166 and 46c1d56ad321fb024761abd9af61a0cb616cf2f6

Vendor Advisory: https://git.kernel.org/stable/c/399219831514126bc9541e8eadefe02c6fbd9166

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to a version containing the fix commits.
  2. Reboot the system to load the patched kernel.
  3. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.

🔧 Temporary Workarounds

Disable HFS module

Prevent loading of HFS filesystem support if not needed:

echo 'install hfs /bin/false' >> /etc/modprobe.d/disable-hfs.conf
rmmod hfs

🧯 If You Can't Patch

  • Monitor system memory usage for unusual patterns
  • Restrict local user access to prevent repeated mount attempts

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and verify whether HFS support is enabled: run 'lsmod | grep hfs' (module loaded) or check the kernel config for CONFIG_HFS_FS (built-in or module).

Check Version:

uname -r

Verify Fix Applied:

Confirm the running kernel includes the fix commits: run 'uname -r' and check that version against your distribution's changelog.
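The following POSIX shell script is an added example, not part of this CVE record or of the kernel project. It combines the verification step above (is HFS built in, loaded, or merely loadable?) with the modprobe workaround from the Temporary Workarounds section, and it runs its checks against constructed sample files so it can be exercised without touching the host. The function names, the HFS_CHECK_LIVE switch, and the /boot/config-$(uname -r) location for the kernel config are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the CVE record or the kernel project): determine how
# HFS support can be reached on a host and stage the modprobe workaround.
# Every function takes file paths so the logic can be run on sample inputs.

# hfs_config_state CONFIGFILE -> prints y (built-in), m (module) or n (absent)
hfs_config_state() {
    cfg="$1"
    [ -r "$cfg" ] || { echo n; return 0; }   # no config available: treat as absent
    if grep -q '^CONFIG_HFS_FS=y' "$cfg"; then echo y
    elif grep -q '^CONFIG_HFS_FS=m' "$cfg"; then echo m
    else echo n; fi
}

# hfs_module_loaded LSMODFILE -> exit 0 if an "hfs" module line exists in
# lsmod-format output (exact match, so "hfsplus" does not count)
hfs_module_loaded() {
    awk '$1 == "hfs" { found = 1 } END { exit !found }' "$1"
}

# hfs_exposure CONFIGFILE LSMODFILE -> builtin | loaded | loadable | absent
# "builtin" matters: a modprobe rule cannot disable built-in filesystem support.
hfs_exposure() {
    state=$(hfs_config_state "$1")
    case "$state" in
        y) echo builtin ;;
        m) if hfs_module_loaded "$2"; then echo loaded; else echo loadable; fi ;;
        *) echo absent ;;
    esac
}

# write_hfs_blacklist DIR -> writes the record's modprobe rule into DIR and
# prints the path; point DIR at /etc/modprobe.d on a real host (needs root)
write_hfs_blacklist() {
    dir="$1"
    mkdir -p "$dir"
    printf 'install hfs /bin/false\n' > "$dir/disable-hfs.conf"
    echo "$dir/disable-hfs.conf"
}

# --- constructed sample inputs (not captured from a real system) ---
SAMPLE_DIR=$(mktemp -d)
printf 'CONFIG_HFSPLUS_FS=m\nCONFIG_HFS_FS=m\n' > "$SAMPLE_DIR/config-sample"   # HFS as module
printf 'CONFIG_HFS_FS=y\n' > "$SAMPLE_DIR/config-builtin"                        # HFS built in
printf 'Module                  Size  Used by\n' > "$SAMPLE_DIR/lsmod-empty"       # nothing loaded
{ cat "$SAMPLE_DIR/lsmod-empty"
  printf 'hfs                    69632  0\nnls_utf8               12288  0\n'; } > "$SAMPLE_DIR/lsmod-sample"

echo "sample host (module config, hfs loaded):   $(hfs_exposure "$SAMPLE_DIR/config-sample" "$SAMPLE_DIR/lsmod-sample")"
echo "sample host (module config, nothing loaded): $(hfs_exposure "$SAMPLE_DIR/config-sample" "$SAMPLE_DIR/lsmod-empty")"
echo "sample host (built-in config):             $(hfs_exposure "$SAMPLE_DIR/config-builtin" "$SAMPLE_DIR/lsmod-empty")"
echo "staged workaround file: $(write_hfs_blacklist "$SAMPLE_DIR/modprobe.d")"

# Optional live check of the current host (assumes /boot/config-<release> exists):
#   HFS_CHECK_LIVE=1 sh check-hfs.sh
if [ "${HFS_CHECK_LIVE:-0}" = 1 ]; then
    lsmod > "$SAMPLE_DIR/lsmod-live" 2>/dev/null || : > "$SAMPLE_DIR/lsmod-live"
    echo "this host ($(uname -r)): $(hfs_exposure "/boot/config-$(uname -r)" "$SAMPLE_DIR/lsmod-live")"
fi
```

The exposure word is the useful output: "loadable" means the modprobe rule from the workaround section will stop the module from being auto-loaded on a mount attempt, "loaded" means rmmod is also needed (and will fail while an HFS volume is mounted), and "builtin" means the workaround does not apply and only the kernel update closes the issue.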

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System memory exhaustion warnings
  • Failed HFS mount attempts in system logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for 'oom-killer' or 'Out of memory' events in kernel logs
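As an added example (not part of this record), the following POSIX shell script turns the log indicators listed above into a small triage check: it counts HFS mount failures and oom-killer events in a kernel log and flags the combination the record describes (repeated failed HFS mounts alongside memory pressure). The sample log lines are constructed, and the HFS failure message pattern is an assumption based on the hfs driver's log prefix; adjust it to what your kernel actually logs.

```shell
#!/bin/sh
# Added example (not from the CVE record): triage kernel log lines for the two
# indicator classes listed in the record, demonstrated on a constructed log.

# Pattern for a failed HFS mount. Assumed form of the hfs driver message;
# verify against your own kernel's output before relying on it.
HFS_FAIL_PATTERN='hfs: can.t find a HFS filesystem'
# Pattern for kernel memory-pressure events (oom-killer messages).
OOM_PATTERN='invoked oom-killer|Out of memory'

# count_matches PATTERN LOGFILE -> number of matching lines (0 when none)
count_matches() {
    grep -cE "$1" "$2" || true
}

hfs_failure_count() { count_matches "$HFS_FAIL_PATTERN" "$1"; }
oom_event_count()   { count_matches "$OOM_PATTERN" "$1"; }

# triage LOGFILE THRESHOLD -> ALERT when HFS failures reach THRESHOLD and OOM
# activity is present, WATCH when only the failures repeat, OK otherwise
triage() {
    fails=$(hfs_failure_count "$1")
    ooms=$(oom_event_count "$1")
    if [ "$fails" -ge "$2" ] && [ "$ooms" -gt 0 ]; then echo ALERT
    elif [ "$fails" -ge "$2" ]; then echo WATCH
    else echo OK; fi
}

# --- constructed sample log (not captured from a real system) ---
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jan 10 12:00:01 host kernel: hfs: can't find a HFS filesystem on dev loop0
Jan 10 12:00:02 host kernel: hfs: can't find a HFS filesystem on dev loop0
Jan 10 12:00:03 host kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode
Jan 10 12:00:04 host kernel: hfs: can't find a HFS filesystem on dev loop0
Jan 10 12:05:00 host kernel: mount invoked oom-killer: gfp_mask=0x140cca, order=0, oom_score_adj=0
Jan 10 12:05:00 host kernel: Out of memory: Killed process 4242 (mount) total-vm:8192kB
EOF
EMPTY_LOG=$(mktemp)

echo "hfs mount failures: $(hfs_failure_count "$SAMPLE_LOG")"
echo "oom events:         $(oom_event_count "$SAMPLE_LOG")"
echo "triage (threshold 3): $(triage "$SAMPLE_LOG" 3)"
echo "triage (threshold 10): $(triage "$SAMPLE_LOG" 10)"
# On a live host, feed the same functions a dump of the kernel ring buffer:
#   dmesg > /tmp/kern.log && triage /tmp/kern.log 20
```

The threshold is deliberately a parameter: a handful of failed HFS mounts is ordinary on a workstation that reads old media, while dozens within minutes from one host, especially with oom-killer activity in the same window, is the pattern worth paging on.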
