CVE-2025-38715 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

hfs: fix slab-out-of-bounds in hfs_bnode_read()

This patch introduces the is_bnode_offset_valid() method, which checks the requested offset value. Also, it introduces the check_and_correct_requested_length() method, which checks and corrects the requested length (if necessary). These methods are used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy(), and hfs_bnode_move() with the goal of preventing access outside of allocated memory and triggering a crash.
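
The check-then-trim pattern the description outlines, as an added user-space model; this is not the kernel patch or code from the HFS driver. The `model_*` names, the 512-byte buffer and the rejection of negative values are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a B-tree node: a buffer plus its valid size. */
struct model_node {
    unsigned int node_size;      /* bytes that belong to the node (<= 512) */
    unsigned char data[512];
};

/* Offset check: the requested offset must fall inside the node. */
static int model_offset_valid(const struct model_node *n, int off)
{
    return off >= 0 && (unsigned int)off < n->node_size;
}

/* Length check: 0 for a bad offset or length, otherwise the requested
 * length trimmed so that off + len never passes node_size. */
static int model_checked_len(const struct model_node *n, int off, int len)
{
    if (!model_offset_valid(n, off) || len <= 0)
        return 0;
    if ((unsigned int)len > n->node_size - (unsigned int)off)
        return (int)(n->node_size - (unsigned int)off);
    return len;
}

/* Read helper that validates before touching memory; returns bytes copied. */
static int model_node_read(const struct model_node *n, void *buf,
                           int off, int len)
{
    len = model_checked_len(n, off, len);
    if (len == 0)
        return 0;
    memcpy(buf, n->data + off, (size_t)len);
    return len;
}

int main(void)
{
    struct model_node n = { .node_size = 512 };
    unsigned char out[64];

    /* Constructed requests: in range, crossing the end, past the end. */
    printf("%d\n", model_node_read(&n, out, 0, 16));
    printf("%d\n", model_node_read(&n, out, 500, 64));
    printf("%d\n", model_node_read(&n, out, 600, 4));
    return 0;
}
```

The same two checks would sit at the top of every accessor that takes an offset and a length, which is why the description lists the read, write, clear, copy and move helpers together.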


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/384a66b89f9540a9a8cb0f48807697dfabaece4c kernel.org
https://git.kernel.org/stable/c/67ecc81f6492275c9c54280532f558483c99c90e kernel.org
https://git.kernel.org/stable/c/a1a60e79502279f996e55052f50cc14919020475 kernel.org
https://git.kernel.org/stable/c/a431930c9bac518bf99d6b1da526a7f37ddee8d8 kernel.org
https://git.kernel.org/stable/c/e7d2dc2421e821e4045775e6dc226378328de6f6 kernel.org
https://git.kernel.org/stable/c/eec522fd0d28106b14a59ab2d658605febe4a3bb kernel.org
https://git.kernel.org/stable/c/efc095b35b23297e419c2ab4fc1ed1a8f0781a29 kernel.org
https://git.kernel.org/stable/c/fc7f732984ec91f30be3e574e0644066d07f2b78 kernel.org
https://git.kernel.org/stable/c/fe2891a9c43ab87d1a210d61e6438ca6936e2f62 kernel.org

Quick Info

CVE Dictionary Entry: CVE-2025-38715
NVD Published Date: 09/04/2025
NVD Last Modified: 09/04/2025
Source: kernel.org