CVE-2025-37742

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-37742
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37742.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37742
Downstream
Related
Published
2025-05-01T12:55:50.603Z
Modified
2026-03-20T12:42:23.199164Z
Summary
jfs: Fix uninit-value access of imap allocated in the diMount() function
Details

In the Linux kernel, the following vulnerability has been resolved:

jfs: Fix uninit-value access of imap allocated in the diMount() function

syzbot reports that hexdumpto_buffer is using uninit-value:

===================================================== BUG: KMSAN: uninit-value in hexdumptobuffer+0x888/0x1100 lib/hexdump.c:171 hexdumptobuffer+0x888/0x1100 lib/hexdump.c:171 printhexdump+0x13d/0x3e0 lib/hexdump.c:276 diFree+0x5ba/0x4350 fs/jfs/jfsimap.c:876 jfsevictinode+0x510/0x550 fs/jfs/inode.c:156 evict+0x723/0xd10 fs/inode.c:796 iputfinal fs/inode.c:1946 [inline] iput+0x97b/0xdb0 fs/inode.c:1972 txUpdateMap+0xf3e/0x1150 fs/jfs/jfstxnmgr.c:2367 txLazyCommit fs/jfs/jfstxnmgr.c:2664 [inline] jfslazycommit+0x627/0x11d0 fs/jfs/jfstxnmgr.c:2733 kthread+0x6b9/0xef0 kernel/kthread.c:464 retfromfork+0x6d/0x90 arch/x86/kernel/process.c:148 retfromforkasm+0x1a/0x30 arch/x86/entry/entry64.S:244

Uninit was created at: slabpostallochook mm/slub.c:4121 [inline] slaballoc_node mm/slub.c:4164 [inline] __kmalloccachenoprof+0x8e3/0xdf0 mm/slub.c:4320 kmallocnoprof include/linux/slab.h:901 [inline] diMount+0x61/0x7f0 fs/jfs/jfsimap.c:105 jfsmount+0xa8e/0x11d0 fs/jfs/jfsmount.c:176 jfsfillsuper+0xa47/0x17c0 fs/jfs/super.c:523 gettreebdevflags+0x6ec/0x910 fs/super.c:1636 gettreebdev+0x37/0x50 fs/super.c:1659 jfsgettree+0x34/0x40 fs/jfs/super.c:635 vfsgettree+0xb1/0x5a0 fs/super.c:1814 donewmount+0x71f/0x15e0 fs/namespace.c:3560 pathmount+0x742/0x1f10 fs/namespace.c:3887 do_mount fs/namespace.c:3900 [inline] __dosysmount fs/namespace.c:4111 [inline] __sesysmount+0x71f/0x800 fs/namespace.c:4088 _x64sysmount+0xe4/0x150 fs/namespace.c:4088 x64syscall+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls64.h:166 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xcd/0x1e0 arch/x86/entry/common.c:83

entrySYSCALL64afterhwframe+0x77/0x7f

The reason is that imap is not properly initialized after memory allocation. It will cause the snprintf() function to write uninitialized data into linebuf within hexdumpto_buffer().

Fix this by using kzalloc instead of kmalloc to clear its content at the beginning in diMount().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37742.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
4f10732712fce33e53703ffe5ed9155f23814097
Fixed
cab1852368dd74d629ee02abdbc559218ca64dde
Fixed
067347e00a3a7d04afed93f080c6c131e5dd15ee
Fixed
63148ce4904faa668daffdd1d3c1199ae315ef2c
Fixed
7057f3aab47629d38e54eae83505813cf0da1e4b
Fixed
d0d7eca253ccd0619b3d2b683ffe32218ebca9ac
Fixed
9629d7d66c621671d9a47afe27ca9336bfc8a9ea

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37742.json"