cve-2025-37782
Vulnerability from cvelistv5
Published
2025-05-01 13:07
Modified
2025-05-04 07:32
Severity ?
EPSS score ?
Summary
hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hfs/bnode.c",
"fs/hfsplus/bnode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8060afd77761eac2048db12fb0510d76ce0cf1f3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f6651c04191d49907d40f0891bbe51ef9703c792",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a33c035df01d1e008874607da74bf7cf45152f47",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0296f9733543c7c8e666e69da743cfffd32dd805",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9f77aa584a659b21211a794e53522e6fb16d4a16",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "84e8719c087e68c967975b78e67be54f697c957f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c93fb4ad8d3b730afe1a09949ebbea64d4f60eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bb5e07cb927724e0b47be371fa081141cfb14414",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hfs/bnode.c",
"fs/hfsplus/bnode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.293",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.135",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15-rc3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.293",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.135",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.88",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.25",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.4",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15-rc3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key\n\nSyzbot reported an issue in hfs subsystem:\n\nBUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline]\nBUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline]\nBUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70\nWrite of size 94 at addr ffff8880123cd100 by task syz-executor237/5102\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n memcpy_from_page include/linux/highmem.h:423 [inline]\n hfs_bnode_read fs/hfs/bnode.c:35 [inline]\n hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70\n hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159\n hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118\n hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232\n vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\n do_mkdirat+0x264/0x3a0 fs/namei.c:4280\n __do_sys_mkdir fs/namei.c:4300 [inline]\n __se_sys_mkdir fs/namei.c:4298 [inline]\n __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fbdd6057a99\n\nAdd a check for key length in hfs_bnode_read_key to prevent\nout-of-bounds memory access. If the key length is invalid, the\nkey buffer is cleared, improving stability and reliability."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:32:24.672Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8060afd77761eac2048db12fb0510d76ce0cf1f3"
},
{
"url": "https://git.kernel.org/stable/c/f6651c04191d49907d40f0891bbe51ef9703c792"
},
{
"url": "https://git.kernel.org/stable/c/a33c035df01d1e008874607da74bf7cf45152f47"
},
{
"url": "https://git.kernel.org/stable/c/0296f9733543c7c8e666e69da743cfffd32dd805"
},
{
"url": "https://git.kernel.org/stable/c/9f77aa584a659b21211a794e53522e6fb16d4a16"
},
{
"url": "https://git.kernel.org/stable/c/84e8719c087e68c967975b78e67be54f697c957f"
},
{
"url": "https://git.kernel.org/stable/c/9c93fb4ad8d3b730afe1a09949ebbea64d4f60eb"
},
{
"url": "https://git.kernel.org/stable/c/bb5e07cb927724e0b47be371fa081141cfb14414"
}
],
"title": "hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37782",
"datePublished": "2025-05-01T13:07:18.993Z",
"dateReserved": "2025-04-16T04:51:23.940Z",
"dateUpdated": "2025-05-04T07:32:24.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-37782\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T14:15:42.163\",\"lastModified\":\"2025-05-02T13:53:20.943\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key\\n\\nSyzbot reported an issue in hfs subsystem:\\n\\nBUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline]\\nBUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline]\\nBUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70\\nWrite of size 94 at addr ffff8880123cd100 by task syz-executor237/5102\\n\\nCall Trace:\\n \u003cTASK\u003e\\n __dump_stack lib/dump_stack.c:94 [inline]\\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\\n print_address_description mm/kasan/report.c:377 [inline]\\n print_report+0x169/0x550 mm/kasan/report.c:488\\n kasan_report+0x143/0x180 mm/kasan/report.c:601\\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\\n memcpy_from_page include/linux/highmem.h:423 [inline]\\n hfs_bnode_read fs/hfs/bnode.c:35 [inline]\\n hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70\\n hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159\\n hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118\\n hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232\\n vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\\n do_mkdirat+0x264/0x3a0 fs/namei.c:4280\\n __do_sys_mkdir fs/namei.c:4300 [inline]\\n __se_sys_mkdir fs/namei.c:4298 [inline]\\n __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298\\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\nRIP: 0033:0x7fbdd6057a99\\n\\nAdd a check for key length in hfs_bnode_read_key to prevent\\nout-of-bounds memory access. If the key length is invalid, the\\nkey buffer is cleared, improving stability and reliability.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hfs/hfsplus: se corrige slab-out-of-bounds en hfs_bnode_read_key Syzbot inform\u00f3 de un problema en el subsistema hfs: ERROR: KASAN: slab-out-of-bounds en memcpy_from_page include/linux/highmem.h:423 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en hfs_bnode_read fs/hfs/bnode.c:35 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 Escritura de tama\u00f1o 94 en la direcci\u00f3n ffff8880123cd100 por la tarea syz-executor237/5102 Rastreo de llamadas: __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 memcpy_from_page include/linux/highmem.h:423 [en l\u00ednea] hfs_bnode_read fs/hfs/bnode.c:35 [en l\u00ednea] hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159 hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118 hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257 do_mkdirat+0x264/0x3a0 fs/namei.c:4280 __do_sys_mkdir fs/namei.c:4300 [en l\u00ednea] __se_sys_mkdir fs/namei.c:4298 [en l\u00ednea] __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fbdd6057a99 Se ha a\u00f1adido una comprobaci\u00f3n de la longitud de la clave en hfs_bnode_read_key para evitar el acceso a memoria fuera de los l\u00edmites. Si la longitud de la clave no es v\u00e1lida, se borra el b\u00fafer de claves, lo que mejora la estabilidad y la fiabilidad.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0296f9733543c7c8e666e69da743cfffd32dd805\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8060afd77761eac2048db12fb0510d76ce0cf1f3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/84e8719c087e68c967975b78e67be54f697c957f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9c93fb4ad8d3b730afe1a09949ebbea64d4f60eb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9f77aa584a659b21211a794e53522e6fb16d4a16\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a33c035df01d1e008874607da74bf7cf45152f47\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bb5e07cb927724e0b47be371fa081141cfb14414\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f6651c04191d49907d40f0891bbe51ef9703c792\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.