{"id":"CVE-2025-40351","summary":"hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()\n\nThe syzbot reported issue in hfsplus_delete_cat():\n\n[   70.682285][ T9333] =====================================================\n[   70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220\n[   70.683640][ T9333]  hfsplus_subfolders_dec+0x1d7/0x220\n[   70.684141][ T9333]  hfsplus_delete_cat+0x105d/0x12b0\n[   70.684621][ T9333]  hfsplus_rmdir+0x13d/0x310\n[   70.685048][ T9333]  vfs_rmdir+0x5ba/0x810\n[   70.685447][ T9333]  do_rmdir+0x964/0xea0\n[   70.685833][ T9333]  __x64_sys_rmdir+0x71/0xb0\n[   70.686260][ T9333]  x64_sys_call+0xcd8/0x3cf0\n[   70.686695][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.687119][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.687646][ T9333]\n[   70.687856][ T9333] Uninit was stored to memory at:\n[   70.688311][ T9333]  hfsplus_subfolders_inc+0x1c2/0x1d0\n[   70.688779][ T9333]  hfsplus_create_cat+0x148e/0x1800\n[   70.689231][ T9333]  hfsplus_mknod+0x27f/0x600\n[   70.689730][ T9333]  hfsplus_mkdir+0x5a/0x70\n[   70.690146][ T9333]  vfs_mkdir+0x483/0x7a0\n[   70.690545][ T9333]  do_mkdirat+0x3f2/0xd30\n[   70.690944][ T9333]  __x64_sys_mkdir+0x9a/0xf0\n[   70.691380][ T9333]  x64_sys_call+0x2f89/0x3cf0\n[   70.691816][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.692229][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.692773][ T9333]\n[   70.692990][ T9333] Uninit was stored to memory at:\n[   70.693469][ T9333]  hfsplus_subfolders_inc+0x1c2/0x1d0\n[   70.693960][ T9333]  hfsplus_create_cat+0x148e/0x1800\n[   70.694438][ T9333]  hfsplus_fill_super+0x21c1/0x2700\n[   70.694911][ T9333]  mount_bdev+0x37b/0x530\n[   70.695320][ T9333]  hfsplus_mount+0x4d/0x60\n[   70.695729][ T9333]  legacy_get_tree+0x113/0x2c0\n[   70.696167][ T9333]  vfs_get_tree+0xb3/0x5c0\n[   70.696588][ T9333]  do_new_mount+0x73e/0x1630\n[   70.697013][ T9333]  path_mount+0x6e3/0x1eb0\n[   70.697425][ T9333]  __se_sys_mount+0x733/0x830\n[   70.697857][ T9333]  __x64_sys_mount+0xe4/0x150\n[   70.698269][ T9333]  x64_sys_call+0x2691/0x3cf0\n[   70.698704][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.699117][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.699730][ T9333]\n[   70.699946][ T9333] Uninit was created at:\n[   70.700378][ T9333]  __alloc_pages_noprof+0x714/0xe60\n[   70.700843][ T9333]  alloc_pages_mpol_noprof+0x2a2/0x9b0\n[   70.701331][ T9333]  alloc_pages_noprof+0xf8/0x1f0\n[   70.701774][ T9333]  allocate_slab+0x30e/0x1390\n[   70.702194][ T9333]  ___slab_alloc+0x1049/0x33a0\n[   70.702635][ T9333]  kmem_cache_alloc_lru_noprof+0x5ce/0xb20\n[   70.703153][ T9333]  hfsplus_alloc_inode+0x5a/0xd0\n[   70.703598][ T9333]  alloc_inode+0x82/0x490\n[   70.703984][ T9333]  iget_locked+0x22e/0x1320\n[   70.704428][ T9333]  hfsplus_iget+0x5c/0xba0\n[   70.704827][ T9333]  hfsplus_btree_open+0x135/0x1dd0\n[   70.705291][ T9333]  hfsplus_fill_super+0x1132/0x2700\n[   70.705776][ T9333]  mount_bdev+0x37b/0x530\n[   70.706171][ T9333]  hfsplus_mount+0x4d/0x60\n[   70.706579][ T9333]  legacy_get_tree+0x113/0x2c0\n[   70.707019][ T9333]  vfs_get_tree+0xb3/0x5c0\n[   70.707444][ T9333]  do_new_mount+0x73e/0x1630\n[   70.707865][ T9333]  path_mount+0x6e3/0x1eb0\n[   70.708270][ T9333]  __se_sys_mount+0x733/0x830\n[   70.708711][ T9333]  __x64_sys_mount+0xe4/0x150\n[   70.709158][ T9333]  x64_sys_call+0x2691/0x3cf0\n[   70.709630][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.710053][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.710611][ T9333]\n[   70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17\n[   70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.712490][ T9333] =====================================================\n[   70.713085][ T9333] Disabling lock debugging due to kernel taint\n[   70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ...\n[   70.714159][ T9333] \n---truncated---","modified":"2026-04-02T12:48:22.609139Z","published":"2025-12-16T13:30:24.764Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40351.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1b9e5ade272f8be6421c9eea4c4f6810180017f9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/295527bfdefd5bf31ec8218e2891a65777141d05"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2bb8bc99b1a7a46d83f95c46f530305f6df84eaf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4891bf2b09c313622a6e07d7f108aa5e123c768d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9b3d15a758910bb98ba8feb4109d99cc67450ee4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9df3c241fbf69edce968b20eeeeb3f6da34af041"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b07630afe1671096dc64064190cae3b6165cf6e4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40351.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40351"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d7d673a591701f131e53d4fd4e2b9352f1316642"},{"fixed":"a2bee43b451615531ae6f3cf45054f02915ef885"},{"fixed":"b07630afe1671096dc64064190cae3b6165cf6e4"},{"fixed":"9df3c241fbf69edce968b20eeeeb3f6da34af041"},{"fixed":"1b9e5ade272f8be6421c9eea4c4f6810180017f9"},{"fixed":"2bb8bc99b1a7a46d83f95c46f530305f6df84eaf"},{"fixed":"295527bfdefd5bf31ec8218e2891a65777141d05"},{"fixed":"4891bf2b09c313622a6e07d7f108aa5e123c768d"},{"fixed":"9b3d15a758910bb98ba8feb4109d99cc67450ee4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40351.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.14.0"},{"fixed":"5.4.301"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.246"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.196"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.158"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.115"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.56"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40351.json"}}],"schema_version":"1.7.5"}