[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-40082":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":45},"DEBIAN-CVE-2025-40082","In the Linux kernel, the following vulnerability has been resolved:  hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()  BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290  CPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace:  \u003CTASK>  __dump_stack lib/dump_stack.c:94 [inline]  dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120  print_address_description mm/kasan/report.c:378 [inline]  print_report+0xca/0x5f0 mm/kasan/report.c:482  kasan_report+0xca/0x100 mm/kasan/report.c:595  hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186  hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738  vfs_listxattr+0xbe/0x140 fs/xattr.c:493  listxattr+0xee/0x190 fs/xattr.c:924  filename_listxattr fs/xattr.c:958 [inline]  path_listxattrat+0x143/0x360 fs/xattr.c:988  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]  do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94  entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe0e9fae16d Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003C48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3 RAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 RBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000  \u003C/TASK>  Allocated by task 14290:  kasan_save_stack+0x24/0x50 mm/kasan/common.c:47  kasan_save_track+0x14/0x30 mm/kasan/common.c:68  poison_kmalloc_redzone mm/kasan/common.c:377 [inline]  __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394  kasan_kmalloc include/linux/kasan.h:260 [inline]  __do_kmalloc_node mm/slub.c:4333 [inline]  __kmalloc_noprof+0x219/0x540 mm/slub.c:4345  kmalloc_noprof include/linux/slab.h:909 [inline]  hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21  hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697  vfs_listxattr+0xbe/0x140 fs/xattr.c:493  listxattr+0xee/0x190 fs/xattr.c:924  filename_listxattr fs/xattr.c:958 [inline]  path_listxattrat+0x143/0x360 fs/xattr.c:988  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]  do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94  entry_SYSCALL_64_after_hwframe+0x77/0x7f  When hfsplus_uni2asc is called from hfsplus_listxattr, it actually passes in a struct hfsplus_attr_unistr*. The size of the corresponding structure is different from that of hfsplus_unistr, so the previous fix (94458781aee6) is insufficient. The pointer on the unicode buffer is still going beyond the allocated memory.  This patch introduces two warpper functions hfsplus_uni2asc_xattr_str and hfsplus_uni2asc_str to process two unicode buffers, struct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively. When ustrlen value is bigger than the allocated memory size, the ustrlen value is limited to an safe size.",null,[],[],[],[14],{"_key":15},"CVE-2025-40082",[17,19,21],{"_key":18},"DSA-6141-1",{"_key":20},"DLA-4499-1",{"_key":22},"DSA-6163-1",[],[],"2025-10-28T12:15:42.840Z","2026-04-28T20:30:26.636351Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2025-40082",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":9,"vectorString":42,"impactScore":43,"exploitabilityScore":44},7.1,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",8.7,4.6,[46,68],{"ecosystem":47,"name":48,"vendor":49,"product":48,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":48,"source":9,"versions":51},"Debian","linux","debian","deb",[52,56,57,58,62,65],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":59,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":61,"fixed_in":9},"lt6_1_164_1","6.1.164-1","excluding",{"version":63,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":64,"version_end_type":61,"fixed_in":9},"lt6_12_73_1","6.12.73-1",{"version":66,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":67,"version_end_type":61,"fixed_in":9},"lt6_17_6_1","6.17.6-1",{"ecosystem":47,"name":69,"vendor":49,"product":69,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":69,"source":9,"versions":70},"linux-6.1",[71],{"version":72,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":73,"version_end_type":61,"fixed_in":9},"lt6_1_164_1~deb11u1","6.1.164-1~deb11u1"]