CVE-2025-40244

Source
https://cve.org/CVERecord?id=CVE-2025-40244
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40244.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40244
Published
2025-12-04T15:31:33.249Z
Modified
2026-03-20T12:43:13.882338Z
Summary
hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
Details

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()

The syzbot reported issue in __hfsplus_ext_cache_extent():

[ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990
[ 70.195022][ T9350] __hfsplus_ext_cache_extent+0x7d0/0x990
[ 70.195530][ T9350] hfsplus_file_extend+0x74f/0x1cf0
[ 70.195998][ T9350] hfsplus_get_block+0xe16/0x17b0
[ 70.196458][ T9350] __block_write_begin_int+0x962/0x2ce0
[ 70.196959][ T9350] cont_write_begin+0x1000/0x1950
[ 70.197416][ T9350] hfsplus_write_begin+0x85/0x130
[ 70.197873][ T9350] generic_perform_write+0x3e8/0x1060
[ 70.198374][ T9350] __generic_file_write_iter+0x215/0x460
[ 70.198892][ T9350] generic_file_write_iter+0x109/0x5e0
[ 70.199393][ T9350] vfs_write+0xb0f/0x14e0
[ 70.199771][ T9350] ksys_write+0x23e/0x490
[ 70.200149][ T9350] __x64_sys_write+0x97/0xf0
[ 70.200570][ T9350] x64_sys_call+0x3015/0x3cf0
[ 70.201065][ T9350] do_syscall_64+0xd9/0x1d0
[ 70.201506][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.202054][ T9350]
[ 70.202279][ T9350] Uninit was created at:
[ 70.202693][ T9350] __kmalloc_noprof+0x621/0xf80
[ 70.203149][ T9350] hfsplus_find_init+0x8d/0x1d0
[ 70.203602][ T9350] hfsplus_file_extend+0x6ca/0x1cf0
[ 70.204087][ T9350] hfsplus_get_block+0xe16/0x17b0
[ 70.204561][ T9350] __block_write_begin_int+0x962/0x2ce0
[ 70.205074][ T9350] cont_write_begin+0x1000/0x1950
[ 70.205547][ T9350] hfsplus_write_begin+0x85/0x130
[ 70.206017][ T9350] generic_perform_write+0x3e8/0x1060
[ 70.206519][ T9350] __generic_file_write_iter+0x215/0x460
[ 70.207042][ T9350] generic_file_write_iter+0x109/0x5e0
[ 70.207552][ T9350] vfs_write+0xb0f/0x14e0
[ 70.207961][ T9350] ksys_write+0x23e/0x490
[ 70.208375][ T9350] __x64_sys_write+0x97/0xf0
[ 70.208810][ T9350] x64_sys_call+0x3015/0x3cf0
[ 70.209255][ T9350] do_syscall_64+0xd9/0x1d0
[ 70.209680][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.210230][ T9350]
[ 70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5
[ 70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 70.212115][ T9350] =====================================================
[ 70.212734][ T9350] Disabling lock debugging due to kernel taint
[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ...
[ 70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G B 6.12.0-rc5 #5
[ 70.214679][ T9350] Tainted: [B]=BAD_PAGE
[ 70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 70.215999][ T9350] Call Trace:
[ 70.216309][ T9350] <TASK>
[ 70.216585][ T9350] dump_stack_lvl+0x1fd/0x2b0
[ 70.217025][ T9350] dump_stack+0x1e/0x30
[ 70.217421][ T9350] panic+0x502/0xca0
[ 70.217803][ T9350] ? kmsan_get_metadata+0x13e/0x1c0

[ 70.218294][ Message fromT sy9350] kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ... kernel :[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [ 70.220179][ T9350] ? kmsan_get_metadata+0x13e/0x1c0 set ...
[ 70.221254][ T9350] ? __msan_warning+0x96/0x120
[ 70.222066][ T9350] ? __hfsplus_ext_cache_extent+0x7d0/0x990
[ 70.223023][ T9350] ? hfsplus_file_extend+0x74f/0x1cf0
[ 70.224120][ T9350] ? hfsplus_get_block+0xe16/0x17b0
[ 70.224946][ T9350] ? __block_write_begin_int+0x962/0x2ce0
[ 70.225756][ T9350] ? cont_write_begin+0x1000/0x1950
[ 70.226337][ T9350] ? hfsplus_write_begin+0x85/0x130
[ 70.226852][ T9350] ? generic_perform_write+0x3e8/0x1060
[ 70.227405][ T9350] ? __generic_file_write_iter+0x215/0x460
[ 70.227979][ T9350] ? generic_file_write_iter+0x109/0x5e0
[ 70.228540][ T9350] ? vfs_write+0xb0f/0x14e0
[ 70.228997][ T9350] ? ksys_write+0x23e/0x490
---truncated---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40244.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
c1ec90bed504640a42bb20a5f413be39cd17ad71
Fixed
b8a72692aa42b7dcd179a96b90bc2763ac74576a
Fixed
c135b8dca65526aa5b8814e9954e0ae317d9c598
Fixed
d7e313039a8f3a6ee072dc5ff4643234d2d735cf
Fixed
a5bfb13b4f406aef1a450f99d22d3e48df01528c
Fixed
99202d94909d323a30d154ab0261c0a07166daec
Fixed
14c673a2f3ecf650b694a52a88688f1d71849899
Fixed
4840ceadef4290c56cc422f0fc697655f3cbf070

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40244.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type        Introduced   Fixed
ECOSYSTEM   2.6.12       5.4.301
ECOSYSTEM   5.5.0        5.10.246
ECOSYSTEM   5.11.0       5.15.196
ECOSYSTEM   5.16.0       6.1.158
ECOSYSTEM   6.2.0        6.6.115
ECOSYSTEM   6.7.0        6.12.56
ECOSYSTEM   6.13.0       6.17.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40244.json"