CVE-2025-71271

Source
https://cve.org/CVERecord?id=CVE-2025-71271
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71271.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-71271
Downstream
Published
2026-05-06T11:27:05.321Z
Modified
2026-07-08T07:05:22.602786589Z
Summary
hfsplus: ensure sb->s_fs_info is always cleaned up
Details

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: ensure sb->sfsinfo is always cleaned up

When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->sfsinfo. If setupbdevsuper() fails after a new superblock has been allocated by sgetfc(), but before hfsplusfillsuper() takes ownership of the filesystem-specific sfs_info data it was leaked.

Fix this by freeing sb->sfsinfo in hfspluskillsuper().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71271.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
432f7c78cb000a3151fa0d39585b000312f50d7e
Fixed
0bcfebb83b5460d5be4e5c9dfb19cdaf3d4cb1db
Fixed
1e38d32bb04d85a2c81204a85a34878a497128c8
Fixed
126fb0ce99431126b44a6c360192668c818f641f

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71271.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71271.json"