{"id":"DEBIAN-CVE-2025-40243","details":"In the Linux kernel, the following vulnerability has been resolved:  hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()  The syzbot reported issue in hfs_find_set_zero_bits():  ===================================================== BUG: KMSAN: uninit-value in hfs_find_set_zero_bits+0x74d/0xb60 fs/hfs/bitmap.c:45  hfs_find_set_zero_bits+0x74d/0xb60 fs/hfs/bitmap.c:45  hfs_vbm_search_free+0x13c/0x5b0 fs/hfs/bitmap.c:151  hfs_extend_file+0x6a5/0x1b00 fs/hfs/extent.c:408  hfs_get_block+0x435/0x1150 fs/hfs/extent.c:353  __block_write_begin_int+0xa76/0x3030 fs/buffer.c:2151  block_write_begin fs/buffer.c:2262 [inline]  cont_write_begin+0x10e1/0x1bc0 fs/buffer.c:2601  hfs_write_begin+0x85/0x130 fs/hfs/inode.c:52  cont_expand_zero fs/buffer.c:2528 [inline]  cont_write_begin+0x35a/0x1bc0 fs/buffer.c:2591  hfs_write_begin+0x85/0x130 fs/hfs/inode.c:52  hfs_file_truncate+0x1d6/0xe60 fs/hfs/extent.c:494  hfs_inode_setattr+0x964/0xaa0 fs/hfs/inode.c:654  notify_change+0x1993/0x1aa0 fs/attr.c:552  do_truncate+0x28f/0x310 fs/open.c:68  do_ftruncate+0x698/0x730 fs/open.c:195  do_sys_ftruncate fs/open.c:210 [inline]  __do_sys_ftruncate fs/open.c:215 [inline]  __se_sys_ftruncate fs/open.c:213 [inline]  __x64_sys_ftruncate+0x11b/0x250 fs/open.c:213  x64_sys_call+0xfe3/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:78  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]  do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94  entry_SYSCALL_64_after_hwframe+0x77/0x7f  Uninit was created at:  slab_post_alloc_hook mm/slub.c:4154 [inline]  slab_alloc_node mm/slub.c:4197 [inline]  __kmalloc_cache_noprof+0x7f7/0xed0 mm/slub.c:4354  kmalloc_noprof include/linux/slab.h:905 [inline]  hfs_mdb_get+0x1cc8/0x2a90 fs/hfs/mdb.c:175  hfs_fill_super+0x3d0/0xb80 fs/hfs/super.c:337  get_tree_bdev_flags+0x6e3/0x920 fs/super.c:1681  get_tree_bdev+0x38/0x50 fs/super.c:1704  hfs_get_tree+0x35/0x40 fs/hfs/super.c:388  vfs_get_tree+0xb0/0x5c0 
fs/super.c:1804  do_new_mount+0x738/0x1610 fs/namespace.c:3902  path_mount+0x6db/0x1e90 fs/namespace.c:4226  do_mount fs/namespace.c:4239 [inline]  __do_sys_mount fs/namespace.c:4450 [inline]  __se_sys_mount+0x6eb/0x7d0 fs/namespace.c:4427  __x64_sys_mount+0xe4/0x150 fs/namespace.c:4427  x64_sys_call+0xfa7/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:166  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]  do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94  entry_SYSCALL_64_after_hwframe+0x77/0x7f  CPU: 1 UID: 0 PID: 12609 Comm: syz.1.2692 Not tainted 6.16.0-syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 =====================================================  The HFS_SB(sb)-\u003ebitmap buffer is allocated in hfs_mdb_get():  HFS_SB(sb)-\u003ebitmap = kmalloc(8192, GFP_KERNEL);  Finally, it can trigger the reported issue because kmalloc() doesn't clear the allocated memory. If allocated memory contains only zeros, then everything will work pretty fine. But if the allocated memory contains the \"garbage\", then it can affect the bitmap operations and it triggers the reported issue.  This patch simply exchanges the kmalloc() on kzalloc() with the goal to guarantee the correctness of bitmap operations. Because, newly created allocation bitmap should have all available blocks free. 
Potentially, initialization bitmap's read operation could not fill the whole allocated memory and \"garbage\" in the not initialized memory will be the reason of volume corruptions and file system driver bugs.","modified":"2026-04-28T20:30:09.417959Z","published":"2025-12-04T16:16:17.523Z","upstream":["CVE-2025-40243"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2025-40243"}],"affected":[{"package":{"name":"linux","ecosystem":"Debian:11","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.247-1"}]}],"versions":["5.10.103-1","5.10.103-1~bpo10+1","5.10.106-1","5.10.113-1","5.10.120-1","5.10.120-1~bpo10+1","5.10.127-1","5.10.127-2","5.10.127-2~bpo10+1","5.10.136-1","5.10.140-1","5.10.148-1","5.10.149-1","5.10.149-2","5.10.158-1","5.10.158-2","5.10.162-1","5.10.178-1","5.10.178-2","5.10.178-3","5.10.179-1","5.10.179-2","5.10.179-3","5.10.179-4","5.10.179-5","5.10.191-1","5.10.197-1","5.10.205-1","5.10.205-2","5.10.209-1","5.10.209-2","5.10.216-1","5.10.218-1","5.10.221-1","5.10.223-1","5.10.226-1","5.10.234-1","5.10.237-1","5.10.244-1","5.10.46-4","5.10.46-5","5.10.70-1","5.10.70-1~bpo10+1","5.10.84-1","5.10.92-1","5.10.92-1~bpo10+1","5.10.92-2"],"ecosystem_specific":{"urgency":"not yet 
assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40243.json"}},{"package":{"name":"linux","ecosystem":"Debian:12","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.158-1"}]}],"versions":["6.1.106-1","6.1.106-2","6.1.106-3","6.1.112-1","6.1.115-1","6.1.119-1","6.1.123-1","6.1.124-1","6.1.128-1","6.1.129-1","6.1.133-1","6.1.135-1","6.1.137-1","6.1.139-1","6.1.140-1","6.1.147-1","6.1.148-1","6.1.153-1","6.1.27-1","6.1.37-1","6.1.38-1","6.1.38-2","6.1.38-2~bpo11+1","6.1.38-3","6.1.38-4","6.1.38-4~bpo11+1","6.1.52-1","6.1.55-1","6.1.55-1~bpo11+1","6.1.64-1","6.1.66-1","6.1.67-1","6.1.69-1","6.1.69-1~bpo11+1","6.1.76-1","6.1.76-1~bpo11+1","6.1.82-1","6.1.85-1","6.1.90-1","6.1.90-1~bpo11+1","6.1.94-1","6.1.94-1~bpo11+1","6.1.98-1","6.1.99-1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40243.json"}},{"package":{"name":"linux","ecosystem":"Debian:13","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.12.57-1"}]}],"versions":["6.12.38-1","6.12.41-1","6.12.43-1","6.12.43-1~bpo12+1","6.12.48-1","6.12.57-1~bpo12+1"],"ecosystem_specific":{"urgency":"not yet 
assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40243.json"}},{"package":{"name":"linux","ecosystem":"Debian:14","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.17.6-1"}]}],"versions":["6.12.38-1","6.12.41-1","6.12.43-1","6.12.43-1~bpo12+1","6.12.48-1","6.12.57-1","6.12.57-1~bpo12+1","6.12.63-1","6.12.63-1~bpo12+1","6.12.69-1","6.12.69-1~bpo12+1","6.12.73-1","6.12.73-1~bpo12+1","6.12.74-1","6.12.74-2","6.12.74-2~bpo12+1","6.13.10-1~exp1","6.13.11-1~exp1","6.13.2-1~exp1","6.13.3-1~exp1","6.13.4-1~exp1","6.13.5-1~exp1","6.13.6-1~exp1","6.13.7-1~exp1","6.13.8-1~exp1","6.13.9-1~exp1","6.13~rc6-1~exp1","6.13~rc7-1~exp1","6.14.3-1~exp1","6.14.5-1~exp1","6.14.6-1~exp1","6.15-1~exp1","6.15.1-1~exp1","6.15.2-1~exp1","6.15.3-1~exp1","6.15.4-1~exp1","6.15.5-1~exp1","6.15.6-1~exp1","6.15~rc7-1~exp1","6.16-1~exp1","6.16.1-1~exp1","6.16.10-1","6.16.11-1","6.16.12-1","6.16.12-1~bpo13+1","6.16.12-2","6.16.3-1","6.16.3-1~bpo13+1","6.16.5-1","6.16.6-1","6.16.7-1","6.16.8-1","6.16.9-1","6.16~rc7-1~exp1","6.17.2-1~exp1","6.17.5-1~exp1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40243.json"}}],"schema_version":"1.7.5"}