1. Home
  2. Vulnerabilities
  3. CVE-2023-54130
0.0
NA
CVE-2023-54130
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
Description

In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check") fixed a build warning by turning a comment into a WARN_ON(), but it turns out that syzbot then complains because it can trigger said warning with a corrupted hfs image. The warning actually does warn about a bad situation, but we are much better off just handling it as the error it is. So rather than warn about us doing bad things, stop doing the bad things and return -EIO. While at it, also fix a memory leak that was introduced by an earlier fix for a similar syzbot warning situation, and add a check for one case that historically wasn't handled at all (ie neither comment nor subsequent WARN_ON).

INFO

Published Date :

Dec. 24, 2025, 1:16 p.m.

Last Modified :

Dec. 24, 2025, 1:16 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2023-54130 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Handle HFS+ errors properly and fix memory leaks in the Linux kernel.
  • Apply the patch for commit 55d1cbbbb29e.
  • Address the reported sanity check warnings.
  • Fix introduced memory leaks.
  • Add missing error handling for HFS+ images.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-54130.

URL Resource
https://git.kernel.org/stable/c/45917be9f0af339a45b4619f31c902d37b8aed59
https://git.kernel.org/stable/c/82725be426bce0a425cc5e26fbad61ffd29cff03
https://git.kernel.org/stable/c/90e019006644dad35862cb4aa270f561b0732066
https://git.kernel.org/stable/c/be01f35efa876eb81cebab2cb0add068b7280ef4
https://git.kernel.org/stable/c/cb7a95af78d29442b8294683eca4897544b8ef46
https://git.kernel.org/stable/c/cc2164ada548addfa8ee215196661c3afe0c5154
https://git.kernel.org/stable/c/da23752d9660ba7a8ca6c5768fd8776f67f59ee7
https://git.kernel.org/stable/c/f10defb0be6ac42fb6a97b45920d32da6bd6fde8
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-54130 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-54130 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-54130 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2023-54130 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 24, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check") fixed a build warning by turning a comment into a WARN_ON(), but it turns out that syzbot then complains because it can trigger said warning with a corrupted hfs image. The warning actually does warn about a bad situation, but we are much better off just handling it as the error it is. So rather than warn about us doing bad things, stop doing the bad things and return -EIO. While at it, also fix a memory leak that was introduced by an earlier fix for a similar syzbot warning situation, and add a check for one case that historically wasn't handled at all (ie neither comment nor subsequent WARN_ON).
    Added Reference https://git.kernel.org/stable/c/45917be9f0af339a45b4619f31c902d37b8aed59
    Added Reference https://git.kernel.org/stable/c/82725be426bce0a425cc5e26fbad61ffd29cff03
    Added Reference https://git.kernel.org/stable/c/90e019006644dad35862cb4aa270f561b0732066
    Added Reference https://git.kernel.org/stable/c/be01f35efa876eb81cebab2cb0add068b7280ef4
    Added Reference https://git.kernel.org/stable/c/cb7a95af78d29442b8294683eca4897544b8ef46
    Added Reference https://git.kernel.org/stable/c/cc2164ada548addfa8ee215196661c3afe0c5154
    Added Reference https://git.kernel.org/stable/c/da23752d9660ba7a8ca6c5768fd8776f67f59ee7
    Added Reference https://git.kernel.org/stable/c/f10defb0be6ac42fb6a97b45920d32da6bd6fde8
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.