{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40244","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.181Z","datePublished":"2025-12-04T15:31:33.249Z","dateUpdated":"2026-05-11T21:45:34.841Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:45:34.841Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()\n\nThe syzbot reported issue in __hfsplus_ext_cache_extent():\n\n[   70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.195022][ T9350]  __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.195530][ T9350]  hfsplus_file_extend+0x74f/0x1cf0\n[   70.195998][ T9350]  hfsplus_get_block+0xe16/0x17b0\n[   70.196458][ T9350]  __block_write_begin_int+0x962/0x2ce0\n[   70.196959][ T9350]  cont_write_begin+0x1000/0x1950\n[   70.197416][ T9350]  hfsplus_write_begin+0x85/0x130\n[   70.197873][ T9350]  generic_perform_write+0x3e8/0x1060\n[   70.198374][ T9350]  __generic_file_write_iter+0x215/0x460\n[   70.198892][ T9350]  generic_file_write_iter+0x109/0x5e0\n[   70.199393][ T9350]  vfs_write+0xb0f/0x14e0\n[   70.199771][ T9350]  ksys_write+0x23e/0x490\n[   70.200149][ T9350]  __x64_sys_write+0x97/0xf0\n[   70.200570][ T9350]  x64_sys_call+0x3015/0x3cf0\n[   70.201065][ T9350]  do_syscall_64+0xd9/0x1d0\n[   70.201506][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.202054][ T9350]\n[   70.202279][ T9350] Uninit was created at:\n[   70.202693][ T9350]  __kmalloc_noprof+0x621/0xf80\n[   70.203149][ T9350]  hfsplus_find_init+0x8d/0x1d0\n[   70.203602][ T9350]  hfsplus_file_extend+0x6ca/0x1cf0\n[   70.204087][ T9350]  hfsplus_get_block+0xe16/0x17b0\n[   70.204561][ T9350]  __block_write_begin_int+0x962/0x2ce0\n[   70.205074][ T9350]  cont_write_begin+0x1000/0x1950\n[   70.205547][ T9350]  hfsplus_write_begin+0x85/0x130\n[   70.206017][ T9350]  generic_perform_write+0x3e8/0x1060\n[   70.206519][ T9350]  __generic_file_write_iter+0x215/0x460\n[   70.207042][ T9350]  generic_file_write_iter+0x109/0x5e0\n[   70.207552][ T9350]  vfs_write+0xb0f/0x14e0\n[   70.207961][ T9350]  ksys_write+0x23e/0x490\n[   70.208375][ T9350]  __x64_sys_write+0x97/0xf0\n[   70.208810][ T9350]  x64_sys_call+0x3015/0x3cf0\n[   70.209255][ T9350]  do_syscall_64+0xd9/0x1d0\n[   70.209680][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.210230][ T9350]\n[   70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5\n[   70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.212115][ T9350] =====================================================\n[   70.212734][ T9350] Disabling lock debugging due to kernel taint\n[   70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ...\n[   70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G    B              6.12.0-rc5 #5\n[   70.214679][ T9350] Tainted: [B]=BAD_PAGE\n[   70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.215999][ T9350] Call Trace:\n[   70.216309][ T9350]  <TASK>\n[   70.216585][ T9350]  dump_stack_lvl+0x1fd/0x2b0\n[   70.217025][ T9350]  dump_stack+0x1e/0x30\n[   70.217421][ T9350]  panic+0x502/0xca0\n[   70.217803][ T9350]  ? kmsan_get_metadata+0x13e/0x1c0\n\n[   70.218294][ Message fromT sy9350]  kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ...\n kernel\n:[   70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [   70.220179][ T9350]  ? kmsan_get_metadata+0x13e/0x1c0\nset ...\n[   70.221254][ T9350]  ? __msan_warning+0x96/0x120\n[   70.222066][ T9350]  ? __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.223023][ T9350]  ? hfsplus_file_extend+0x74f/0x1cf0\n[   70.224120][ T9350]  ? hfsplus_get_block+0xe16/0x17b0\n[   70.224946][ T9350]  ? __block_write_begin_int+0x962/0x2ce0\n[   70.225756][ T9350]  ? cont_write_begin+0x1000/0x1950\n[   70.226337][ T9350]  ? hfsplus_write_begin+0x85/0x130\n[   70.226852][ T9350]  ? generic_perform_write+0x3e8/0x1060\n[   70.227405][ T9350]  ? __generic_file_write_iter+0x215/0x460\n[   70.227979][ T9350]  ? generic_file_write_iter+0x109/0x5e0\n[   70.228540][ T9350]  ? vfs_write+0xb0f/0x14e0\n[   70.228997][ T9350]  ? ksys_write+0x23e/0x490\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hfsplus/bfind.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c1ec90bed504640a42bb20a5f413be39cd17ad71","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b8a72692aa42b7dcd179a96b90bc2763ac74576a","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c135b8dca65526aa5b8814e9954e0ae317d9c598","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d7e313039a8f3a6ee072dc5ff4643234d2d735cf","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"a5bfb13b4f406aef1a450f99d22d3e48df01528c","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"99202d94909d323a30d154ab0261c0a07166daec","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"14c673a2f3ecf650b694a52a88688f1d71849899","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4840ceadef4290c56cc422f0fc697655f3cbf070","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hfsplus/bfind.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"5.4.301","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.246","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.196","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.158","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.115","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.56","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.6","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.301"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.246"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.196"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1.158"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.6.115"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.12.56"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.17.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c1ec90bed504640a42bb20a5f413be39cd17ad71"},{"url":"https://git.kernel.org/stable/c/b8a72692aa42b7dcd179a96b90bc2763ac74576a"},{"url":"https://git.kernel.org/stable/c/c135b8dca65526aa5b8814e9954e0ae317d9c598"},{"url":"https://git.kernel.org/stable/c/d7e313039a8f3a6ee072dc5ff4643234d2d735cf"},{"url":"https://git.kernel.org/stable/c/a5bfb13b4f406aef1a450f99d22d3e48df01528c"},{"url":"https://git.kernel.org/stable/c/99202d94909d323a30d154ab0261c0a07166daec"},{"url":"https://git.kernel.org/stable/c/14c673a2f3ecf650b694a52a88688f1d71849899"},{"url":"https://git.kernel.org/stable/c/4840ceadef4290c56cc422f0fc697655f3cbf070"}],"title":"hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()","x_generator":{"engine":"bippy-1.2.0"}}}}