Volerion logoVolerion
Volerion logoVolerion

Linux Kernel HFS+ File System Slab-Out-Of-Bounds Read Vulnerability

Vulnerability

A slab-out-of-bounds read vulnerability has been identified in the Linux kernel's HFS+ file system implementation. This issue arises in the 'hfsplus_strcasecmp' function, where improper string length handling can lead to out-of-bounds memory access. The vulnerability affects Linux kernel versions prior to 6.17.0.

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds read, which can lead to information disclosure or potentially allow for further exploitation, such as arbitrary code execution.

Reproduction

The vulnerability can be reproduced by unmounting a HFS+ file system while a process is actively accessing it. This can be done by using the 'umount' command on a mounted HFS+ file system, which will trigger the 'hfsplus_strcasecmp' function and cause the out-of-bounds read.

Remediation

Users can upgrade to Linux kernel version 6.17.0 or later, where this vulnerability has been fixed.

Added: Oct 30, 2025, 10:42 AM
Updated: Oct 30, 2025, 3:48 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
0.8
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.