Volerion logoVolerion
Volerion logoVolerion

Linux Kernel HFS/HFSPlus Slab-Out-Of-Bounds Vulnerability

Vulnerability

A slab-out-of-bounds vulnerability has been identified in the Linux kernel's HFS/HFSPlus file system. This issue arises in the 'hfs_bnode_read_key' function, where an invalid key length can lead to out-of-bounds memory access. The vulnerability was reported by Syzbot and is related to memory handling in high-memory pages.

Impact

Exploitation of this vulnerability can lead to out-of-bounds memory access, potentially causing memory corruption.

Reproduction

The vulnerability can be reproduced by creating a directory using the 'mkdir' system call in a file system that uses HFS or HFSPlus. The 'hfs_mkdir' function will be called, which triggers the vulnerability by passing an invalid key length to the 'hfs_bnode_read_key' function, causing a slab-out-of-bounds memory access.

Remediation

Users are advised to update to the latest version of the Linux kernel where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
0.0
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.