DEBIAN-CVE-2025-38714

Source
https://security-tracker.debian.org/tracker/CVE-2025-38714
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38714.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-38714
Published
2025-09-04T16:15:40Z
Modified
2025-10-13T11:20:12.482255Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()

The hfsplus_bnode_read() method can trigger the issue:

[ 174.852007][ T9784] ==================================================================
[ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360
[ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784
[ 174.854059][ T9784]
[ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: repro Not tainted 6.16.0-rc3 #7 PREEMPT(full)
[ 174.854281][ T9784] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 174.854286][ T9784] Call Trace:
[ 174.854289][ T9784] <TASK>
[ 174.854292][ T9784] dump_stack_lvl+0x10e/0x1f0
[ 174.854305][ T9784] print_report+0xd0/0x660
[ 174.854315][ T9784] ? __virt_addr_valid+0x81/0x610
[ 174.854323][ T9784] ? __phys_addr+0xe8/0x180
[ 174.854330][ T9784] ? hfsplus_bnode_read+0x2f4/0x360
[ 174.854337][ T9784] kasan_report+0xc6/0x100
[ 174.854346][ T9784] ? hfsplus_bnode_read+0x2f4/0x360
[ 174.854354][ T9784] hfsplus_bnode_read+0x2f4/0x360
[ 174.854362][ T9784] hfsplus_bnode_dump+0x2ec/0x380
[ 174.854370][ T9784] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 174.854377][ T9784] ? hfsplus_bnode_write_u16+0x83/0xb0
[ 174.854385][ T9784] ? srcu_gp_start+0xd0/0x310
[ 174.854393][ T9784] ? __mark_inode_dirty+0x29e/0xe40
[ 174.854402][ T9784] hfsplus_brec_remove+0x3d2/0x4e0
[ 174.854411][ T9784] __hfsplus_delete_attr+0x290/0x3a0
[ 174.854419][ T9784] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10
[ 174.854427][ T9784] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 174.854436][ T9784] ? __asan_memset+0x23/0x50
[ 174.854450][ T9784] hfsplus_delete_all_attrs+0x262/0x320
[ 174.854459][ T9784] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[ 174.854469][ T9784] ? rcu_is_watching+0x12/0xc0
[ 174.854476][ T9784] ? __mark_inode_dirty+0x29e/0xe40
[ 174.854483][ T9784] hfsplus_delete_cat+0x845/0xde0
[ 174.854493][ T9784] ? __pfx_hfsplus_delete_cat+0x10/0x10
[ 174.854507][ T9784] hfsplus_unlink+0x1ca/0x7c0
[ 174.854516][ T9784] ? __pfx_hfsplus_unlink+0x10/0x10
[ 174.854525][ T9784] ? down_write+0x148/0x200
[ 174.854532][ T9784] ? __pfx_down_write+0x10/0x10
[ 174.854540][ T9784] vfs_unlink+0x2fe/0x9b0
[ 174.854549][ T9784] do_unlinkat+0x490/0x670
[ 174.854557][ T9784] ? __pfx_do_unlinkat+0x10/0x10
[ 174.854565][ T9784] ? __might_fault+0xbc/0x130
[ 174.854576][ T9784] ? getname_flags.part.0+0x1c5/0x550
[ 174.854584][ T9784] __x64_sys_unlink+0xc5/0x110
[ 174.854592][ T9784] do_syscall_64+0xc9/0x480
[ 174.854600][ T9784] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 174.854608][ T9784] RIP: 0033:0x7f6fdf4c3167
[ 174.854614][ T9784] Code: f0 ff ff 73 01 c3 48 8b 0d 26 0d 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 08
[ 174.854622][ T9784] RSP: 002b:00007ffcb948bca8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 174.854630][ T9784] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6fdf4c3167
[ 174.854636][ T9784] RDX: 00007ffcb948bcc0 RSI: 00007ffcb948bcc0 RDI: 00007ffcb948bd50
[ 174.854641][ T9784] RBP: 00007ffcb948cd90 R08: 0000000000000001 R09: 00007ffcb948bb40
[ 174.854645][ T9784] R10: 00007f6fdf564fc0 R11: 0000000000000206 R12: 0000561e1bc9c2d0
[ 174.854650][ T9784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 174.854658][ T9784] </TASK>
[ 174.854661][ T9784]
[ 174.879281][ T9784] Allocated by task 9784:
[ 174.879664][ T9784] kasan_save_stack+0x20/0x40
[ 174.880082][ T9784] kasan_save_track+0x14/0x30
[ 174.880500][ T9784] __kasan_kmalloc+0xaa/0xb0
[ 174.880908][ T9784] __kmalloc_noprof+0x205/0x550
[ 174.881337][ T9784] __hfs_bnode_create+0x107/0x890
[ 174.881779][ T9784] hfsplus_bnode_find+0x2d0/0xd10
[ 174.882222][ T9784] hfsplus_brec_find+0x2b0/0x520
[ 174.882659][ T9784] hfsplus_delete_all_attrs+0x23b/0x3 ---truncated---

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.244-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5
5.10.191-1
5.10.197-1
5.10.205-1
5.10.205-2
5.10.209-1
5.10.209-2
5.10.216-1
5.10.218-1
5.10.221-1
5.10.223-1
5.10.226-1
5.10.234-1
5.10.237-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.153-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.1.112-1
6.1.115-1
6.1.119-1
6.1.123-1
6.1.124-1
6.1.128-1
6.1.129-1
6.1.133-1
6.1.135-1
6.1.137-1
6.1.139-1
6.1.140-1
6.1.147-1
6.1.148-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.12.43-1

Affected versions

6.*

6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.16.3-1

Affected versions

6.*

6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / linux-6.1

Package

Name
linux-6.1
Purl
pkg:deb/debian/linux-6.1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.153-1~deb11u1

Affected versions

6.*

6.1.106-3~deb11u1
6.1.106-3~deb11u2
6.1.106-3~deb11u3
6.1.112-1~deb11u1
6.1.119-1~deb11u1
6.1.128-1~deb11u1
6.1.129-1~deb11u1
6.1.137-1~deb11u1
6.1.140-1~deb11u1
6.1.147-1~deb11u1
6.1.148-1~deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}