{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38716","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.033Z","datePublished":"2025-09-04T15:33:10.875Z","dateUpdated":"2026-05-11T21:33:36.237Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:33:36.237Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix general protection fault in hfs_find_init()\n\nThe hfs_find_init() method can trigger the crash\nif tree pointer is NULL:\n\n[   45.746290][ T9787] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KAI\n[   45.747287][ T9787] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]\n[   45.748716][ T9787] CPU: 2 UID: 0 PID: 9787 Comm: repro Not tainted 6.16.0-rc3 #10 PREEMPT(full)\n[   45.750250][ T9787] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   45.751983][ T9787] RIP: 0010:hfs_find_init+0x86/0x230\n[   45.752834][ T9787] Code: c1 ea 03 80 3c 02 00 0f 85 9a 01 00 00 4c 8d 6b 40 48 c7 45 18 00 00 00 00 48 b8 00 00 00 00 00 fc\n[   45.755574][ T9787] RSP: 0018:ffffc90015157668 EFLAGS: 00010202\n[   45.756432][ T9787] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff819a4d09\n[   45.757457][ T9787] RDX: 0000000000000008 RSI: ffffffff819acd3a RDI: ffffc900151576e8\n[   45.758282][ T9787] RBP: ffffc900151576d0 R08: 0000000000000005 R09: 0000000000000000\n[   45.758943][ T9787] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000004\n[   45.759619][ T9787] R13: 0000000000000040 R14: ffff88802c50814a R15: 0000000000000000\n[   45.760293][ T9787] FS:  00007ffb72734540(0000) GS:ffff8880cec64000(0000) knlGS:0000000000000000\n[   45.761050][ T9787] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   45.761606][ T9787] CR2: 00007f9bd8225000 CR3: 000000010979a000 CR4: 00000000000006f0\n[   45.762286][ T9787] Call Trace:\n[   45.762570][ T9787]  <TASK>\n[   45.762824][ T9787]  hfs_ext_read_extent+0x190/0x9d0\n[   45.763269][ T9787]  ? submit_bio_noacct_nocheck+0x2dd/0xce0\n[   45.763766][ T9787]  ? __pfx_hfs_ext_read_extent+0x10/0x10\n[   45.764250][ T9787]  hfs_get_block+0x55f/0x830\n[   45.764646][ T9787]  block_read_full_folio+0x36d/0x850\n[   45.765105][ T9787]  ? __pfx_hfs_get_block+0x10/0x10\n[   45.765541][ T9787]  ? const_folio_flags+0x5b/0x100\n[   45.765972][ T9787]  ? __pfx_hfs_read_folio+0x10/0x10\n[   45.766415][ T9787]  filemap_read_folio+0xbe/0x290\n[   45.766840][ T9787]  ? __pfx_filemap_read_folio+0x10/0x10\n[   45.767325][ T9787]  ? __filemap_get_folio+0x32b/0xbf0\n[   45.767780][ T9787]  do_read_cache_folio+0x263/0x5c0\n[   45.768223][ T9787]  ? __pfx_hfs_read_folio+0x10/0x10\n[   45.768666][ T9787]  read_cache_page+0x5b/0x160\n[   45.769070][ T9787]  hfs_btree_open+0x491/0x1740\n[   45.769481][ T9787]  hfs_mdb_get+0x15e2/0x1fb0\n[   45.769877][ T9787]  ? __pfx_hfs_mdb_get+0x10/0x10\n[   45.770316][ T9787]  ? find_held_lock+0x2b/0x80\n[   45.770731][ T9787]  ? lockdep_init_map_type+0x5c/0x280\n[   45.771200][ T9787]  ? lockdep_init_map_type+0x5c/0x280\n[   45.771674][ T9787]  hfs_fill_super+0x38e/0x720\n[   45.772092][ T9787]  ? __pfx_hfs_fill_super+0x10/0x10\n[   45.772549][ T9787]  ? snprintf+0xbe/0x100\n[   45.772931][ T9787]  ? __pfx_snprintf+0x10/0x10\n[   45.773350][ T9787]  ? do_raw_spin_lock+0x129/0x2b0\n[   45.773796][ T9787]  ? find_held_lock+0x2b/0x80\n[   45.774215][ T9787]  ? set_blocksize+0x40a/0x510\n[   45.774636][ T9787]  ? sb_set_blocksize+0x176/0x1d0\n[   45.775087][ T9787]  ? setup_bdev_super+0x369/0x730\n[   45.775533][ T9787]  get_tree_bdev_flags+0x384/0x620\n[   45.775985][ T9787]  ? __pfx_hfs_fill_super+0x10/0x10\n[   45.776453][ T9787]  ? __pfx_get_tree_bdev_flags+0x10/0x10\n[   45.776950][ T9787]  ? bpf_lsm_capable+0x9/0x10\n[   45.777365][ T9787]  ? security_capable+0x80/0x260\n[   45.777803][ T9787]  vfs_get_tree+0x8e/0x340\n[   45.778203][ T9787]  path_mount+0x13de/0x2010\n[   45.778604][ T9787]  ? kmem_cache_free+0x2b0/0x4c0\n[   45.779052][ T9787]  ? __pfx_path_mount+0x10/0x10\n[   45.779480][ T9787]  ? getname_flags.part.0+0x1c5/0x550\n[   45.779954][ T9787]  ? putname+0x154/0x1a0\n[   45.780335][ T9787]  __x64_sys_mount+0x27b/0x300\n[   45.780758][ T9787]  ? __pfx___x64_sys_mount+0x10/0x10\n[   45.781232][ T9787] \n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hfs/bfind.c","fs/hfs/btree.c","fs/hfs/extent.c","fs/hfs/hfs_fs.h"],"versions":[{"version":"434a964daa14b9db083ce20404a4a2add54d037a","lessThan":"4f032979b63ad52e08aadf0faeac34ed35133ec0","status":"affected","versionType":"git"},{"version":"434a964daa14b9db083ce20404a4a2add54d037a","lessThan":"5d8b249527362e0ccafcaf76b3bec2a0d2aa1498","status":"affected","versionType":"git"},{"version":"434a964daa14b9db083ce20404a4a2add54d037a","lessThan":"b918c17a1934ac6309b0083f41d4e9d8fb3bb46c","status":"affected","versionType":"git"},{"version":"434a964daa14b9db083ce20404a4a2add54d037a","lessThan":"6e20e10064fdc43231636fca519c15c013a8e3d6","status":"affected","versionType":"git"},{"version":"434a964daa14b9db083ce20404a4a2add54d037a","lessThan":"736a0516a16268995f4898eded49bfef077af709","status":"affected","versionType":"git"},{"version":"3db7e32f7521df6f9b64a9b04abb00dd11ca5735","status":"affected","versionType":"git"},{"version":"34456bfafc2743a19eb148d56502f9a8c0dc6fcc","status":"affected","versionType":"git"},{"version":"9d6b8fa025237243e1782c358c83f20062d39fbe","status":"affected","versionType":"git"},{"version":"70f2545d9e75f9d8ed4bfe0a6efa232abd88806e","status":"affected","versionType":"git"},{"version":"9f0f2bb728f4e87568f89a5603f7d3b76ef6a3b9","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hfs/bfind.c","fs/hfs/btree.c","fs/hfs/extent.c","fs/hfs/hfs_fs.h"],"versions":[{"version":"3.2","status":"affected"},{"version":"0","lessThan":"3.2","status":"unaffected","versionType":"semver"},{"version":"6.6.103","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.43","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.11","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.2","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.6.103"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.12.43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.15.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.16.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27.60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32.51"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4f032979b63ad52e08aadf0faeac34ed35133ec0"},{"url":"https://git.kernel.org/stable/c/5d8b249527362e0ccafcaf76b3bec2a0d2aa1498"},{"url":"https://git.kernel.org/stable/c/b918c17a1934ac6309b0083f41d4e9d8fb3bb46c"},{"url":"https://git.kernel.org/stable/c/6e20e10064fdc43231636fca519c15c013a8e3d6"},{"url":"https://git.kernel.org/stable/c/736a0516a16268995f4898eded49bfef077af709"}],"title":"hfs: fix general protection fault in hfs_find_init()","x_generator":{"engine":"bippy-1.2.0"}}}}