Skip to main content

Linux Kernel CVE-2025-71271

| EUVDEUVD-2025-209671 MEDIUM
2026-05-06 Linux GHSA-89mq-48rx-7w6j
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 13, 2026 - 00:00 vuln.today
CVSS changed
May 12, 2026 - 21:37 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:02 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: ensure sb->s_fs_info is always cleaned up

When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock has been allocated by sget_fc(), but before hfsplus_fill_super() takes ownership of the filesystem-specific s_fs_info data it was leaked.

Fix this by freeing sb->s_fs_info in hfsplus_kill_super().

AnalysisAI

Memory leak in hfsplus filesystem driver causes denial of service when superblock setup fails during mount operations. The vulnerability affects Linux kernels when hfsplus is mounted and the setup_bdev_super() function fails after superblock allocation but before hfsplus_fill_super() completes, leaving filesystem-specific data unfreed. Local authenticated users can trigger this condition to exhaust kernel memory and crash the system.

Technical ContextAI

The hfsplus filesystem implementation in the Linux kernel was refactored to use the new mount API, which changed how sb->s_fs_info (superblock filesystem-specific information) is allocated and managed. The vulnerability exists in the error handling path: when sget_fc() allocates a new superblock structure and setup_bdev_super() fails before hfsplus_fill_super() has been called to take ownership of the allocated s_fs_info structure, the memory is not freed. This is a resource management failure in kernel filesystem code that affects the HFS+ (Apple Hierarchical File System Plus) driver. The fix adds explicit cleanup in hfsplus_kill_super() to ensure s_fs_info is always deallocated regardless of the initialization path taken.

RemediationAI

Apply the vendor-released patch from kernel.org stable trees: Linux 6.18.16+, 6.19.6+, or 7.0+. For systems using hfsplus, update to a patched kernel version matching your current branch (e.g., upgrade 6.18.x systems to 6.18.16 or later). The fix is available in upstream commit 0bcfebb83b5460d5be4e5c9dfb19cdaf3d4cb1db and has been backported to stable branches as referenced at https://git.kernel.org/stable/. If immediate kernel update is not feasible, restrict local user access to hfsplus mount operations using filesystem ACLs or SELinux policy to prevent unprivileged users from triggering the mount failure path. Note that this workaround reduces functionality and is not a substitute for patching. Disable hfsplus filesystem support entirely if the system does not require HFS+ compatibility by removing the module or rebuilding the kernel without CONFIG_HFSPLUS if you are in control of the kernel build.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-71271 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy