SB20251216146 - Improper locking in Linux kernel hfsplus
Published: December 16, 2025
Security Bulletin ID
SB20251216146
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-40351)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_iget() function in fs/hfsplus/super.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1b9e5ade272f8be6421c9eea4c4f6810180017f9
- https://git.kernel.org/stable/c/295527bfdefd5bf31ec8218e2891a65777141d05
- https://git.kernel.org/stable/c/2bb8bc99b1a7a46d83f95c46f530305f6df84eaf
- https://git.kernel.org/stable/c/4891bf2b09c313622a6e07d7f108aa5e123c768d
- https://git.kernel.org/stable/c/9b3d15a758910bb98ba8feb4109d99cc67450ee4
- https://git.kernel.org/stable/c/9df3c241fbf69edce968b20eeeeb3f6da34af041
- https://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885
- https://git.kernel.org/stable/c/b07630afe1671096dc64064190cae3b6165cf6e4