CVE-2025-38712
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Description
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_create_attributes_file() is called. Replace this BUG_ON() with -EIO error with a message to suggest running fsck tool.
INFO
Published Date :
Sept. 4, 2025, 4:15 p.m.
Last Modified :
Sept. 5, 2025, 5:47 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the latest Linux kernel updates.
- Run the fsck tool on the affected filesystem.
- Consider filesystem integrity checks on mount.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-38712.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-38712 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-38712
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-38712 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-38712 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Sep. 04, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_create_attributes_file() is called. Replace this BUG_ON() with -EIO error with a message to suggest running fsck tool. Added Reference https://git.kernel.org/stable/c/03cd1db1494cf930e2fa042c9c13e32bffdb4eba Added Reference https://git.kernel.org/stable/c/1bb8da27ff15e346d4bc9e248e819c9a88ebf9d6 Added Reference https://git.kernel.org/stable/c/9046566fa692f88954dac8c510f37ee17a15fdb7 Added Reference https://git.kernel.org/stable/c/b3359392b75395a31af739a761f48f4041148226 Added Reference https://git.kernel.org/stable/c/bb0eea8e375677f586ad11c12e2525ed3fc698c2 Added Reference https://git.kernel.org/stable/c/c7c6363ca186747ebc2df10c8a1a51e66e0e32d9 Added Reference https://git.kernel.org/stable/c/ce5e387f396cbb5c061d9837abcac731e9e06f4d Added Reference https://git.kernel.org/stable/c/d768e3ed430e89a699bf89d3214dcbbf4648c939 Added Reference https://git.kernel.org/stable/c/dee5c668ad71ddbcb4b48d95e8a4f371314ad41d