logo_clicknbuy.png

CVE-2025-37782 – Linux HFS slub Out-of-Bounds Write

The following table lists the changes that have been made to the
CVE-2025-37782 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 01, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key

    Syzbot reported an issue in hfs subsystem:

    BUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline]
    BUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline]
    BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70
    Write of size 94 at addr ffff8880123cd100 by task syz-executor237/5102

    Call Trace:

    __dump_stack lib/dump_stack.c:94 [inline]
    dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
    print_address_description mm/kasan/report.c:377 [inline]
    print_report+0x169/0x550 mm/kasan/report.c:488
    kasan_report+0x143/0x180 mm/kasan/report.c:601
    kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
    __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106
    memcpy_from_page include/linux/highmem.h:423 [inline]
    hfs_bnode_read fs/hfs/bnode.c:35 [inline]
    hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70
    hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159
    hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118
    hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232
    vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
    do_mkdirat+0x264/0x3a0 fs/namei.c:4280
    __do_sys_mkdir fs/namei.c:4300 [inline]
    __se_sys_mkdir fs/namei.c:4298 [inline]
    __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298
    do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
    entry_SYSCALL_64_after_hwframe+0x77/0x7f
    RIP: 0033:0x7fbdd6057a99

    Add a check for key length in hfs_bnode_read_key to prevent
    out-of-bounds memory access. If the key length is invalid, the
    key buffer is cleared, improving stability and reliability.
    Added Reference https://git.kernel.org/stable/c/0296f9733543c7c8e666e69da743cfffd32dd805
    Added Reference https://git.kernel.org/stable/c/84e8719c087e68c967975b78e67be54f697c957f
    Added Reference https://git.kernel.org/stable/c/9c93fb4ad8d3b730afe1a09949ebbea64d4f60eb
    Added Reference https://git.kernel.org/stable/c/9f77aa584a659b21211a794e53522e6fb16d4a16
    Added Reference https://git.kernel.org/stable/c/bb5e07cb927724e0b47be371fa081141cfb14414
Share the Post:

Related Posts