CVE-2025-40351

Source
https://cve.org/CVERecord?id=CVE-2025-40351
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40351.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40351
Published
2025-12-16T13:30:24.764Z
Modified
2026-03-28T17:44:13.157078757Z
Summary
hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
Details

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()

The syzbot reported issue in hfsplus_delete_cat():

[ 70.682285][ T9333] =====================================================
[ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220
[ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220
[ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0
[ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310
[ 70.685048][ T9333] vfs_rmdir+0x5ba/0x810
[ 70.685447][ T9333] do_rmdir+0x964/0xea0
[ 70.685833][ T9333] __x64_sys_rmdir+0x71/0xb0
[ 70.686260][ T9333] x64_sys_call+0xcd8/0x3cf0
[ 70.686695][ T9333] do_syscall_64+0xd9/0x1d0
[ 70.687119][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.687646][ T9333]
[ 70.687856][ T9333] Uninit was stored to memory at:
[ 70.688311][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0
[ 70.688779][ T9333] hfsplus_create_cat+0x148e/0x1800
[ 70.689231][ T9333] hfsplus_mknod+0x27f/0x600
[ 70.689730][ T9333] hfsplus_mkdir+0x5a/0x70
[ 70.690146][ T9333] vfs_mkdir+0x483/0x7a0
[ 70.690545][ T9333] do_mkdirat+0x3f2/0xd30
[ 70.690944][ T9333] __x64_sys_mkdir+0x9a/0xf0
[ 70.691380][ T9333] x64_sys_call+0x2f89/0x3cf0
[ 70.691816][ T9333] do_syscall_64+0xd9/0x1d0
[ 70.692229][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.692773][ T9333]
[ 70.692990][ T9333] Uninit was stored to memory at:
[ 70.693469][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0
[ 70.693960][ T9333] hfsplus_create_cat+0x148e/0x1800
[ 70.694438][ T9333] hfsplus_fill_super+0x21c1/0x2700
[ 70.694911][ T9333] mount_bdev+0x37b/0x530
[ 70.695320][ T9333] hfsplus_mount+0x4d/0x60
[ 70.695729][ T9333] legacy_get_tree+0x113/0x2c0
[ 70.696167][ T9333] vfs_get_tree+0xb3/0x5c0
[ 70.696588][ T9333] do_new_mount+0x73e/0x1630
[ 70.697013][ T9333] path_mount+0x6e3/0x1eb0
[ 70.697425][ T9333] __se_sys_mount+0x733/0x830
[ 70.697857][ T9333] __x64_sys_mount+0xe4/0x150
[ 70.698269][ T9333] x64_sys_call+0x2691/0x3cf0
[ 70.698704][ T9333] do_syscall_64+0xd9/0x1d0
[ 70.699117][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.699730][ T9333]
[ 70.699946][ T9333] Uninit was created at:
[ 70.700378][ T9333] __alloc_pages_noprof+0x714/0xe60
[ 70.700843][ T9333] alloc_pages_mpol_noprof+0x2a2/0x9b0
[ 70.701331][ T9333] alloc_pages_noprof+0xf8/0x1f0
[ 70.701774][ T9333] allocate_slab+0x30e/0x1390
[ 70.702194][ T9333] ___slab_alloc+0x1049/0x33a0
[ 70.702635][ T9333] kmem_cache_alloc_lru_noprof+0x5ce/0xb20
[ 70.703153][ T9333] hfsplus_alloc_inode+0x5a/0xd0
[ 70.703598][ T9333] alloc_inode+0x82/0x490
[ 70.703984][ T9333] iget_locked+0x22e/0x1320
[ 70.704428][ T9333] hfsplus_iget+0x5c/0xba0
[ 70.704827][ T9333] hfsplus_btree_open+0x135/0x1dd0
[ 70.705291][ T9333] hfsplus_fill_super+0x1132/0x2700
[ 70.705776][ T9333] mount_bdev+0x37b/0x530
[ 70.706171][ T9333] hfsplus_mount+0x4d/0x60
[ 70.706579][ T9333] legacy_get_tree+0x113/0x2c0
[ 70.707019][ T9333] vfs_get_tree+0xb3/0x5c0
[ 70.707444][ T9333] do_new_mount+0x73e/0x1630
[ 70.707865][ T9333] path_mount+0x6e3/0x1eb0
[ 70.708270][ T9333] __se_sys_mount+0x733/0x830
[ 70.708711][ T9333] __x64_sys_mount+0xe4/0x150
[ 70.709158][ T9333] x64_sys_call+0x2691/0x3cf0
[ 70.709630][ T9333] do_syscall_64+0xd9/0x1d0
[ 70.710053][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.710611][ T9333]
[ 70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17
[ 70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 70.712490][ T9333] =====================================================
[ 70.713085][ T9333] Disabling lock debugging due to kernel taint
[ 70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ...
[ 70.714159][ T9333] ---truncated---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40351.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d7d673a591701f131e53d4fd4e2b9352f1316642
Fixed
a2bee43b451615531ae6f3cf45054f02915ef885
Fixed
b07630afe1671096dc64064190cae3b6165cf6e4
Fixed
9df3c241fbf69edce968b20eeeeb3f6da34af041
Fixed
1b9e5ade272f8be6421c9eea4c4f6810180017f9
Fixed
2bb8bc99b1a7a46d83f95c46f530305f6df84eaf
Fixed
295527bfdefd5bf31ec8218e2891a65777141d05
Fixed
4891bf2b09c313622a6e07d7f108aa5e123c768d
Fixed
9b3d15a758910bb98ba8feb4109d99cc67450ee4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40351.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.14.0
Fixed
5.4.301
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.246
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.196
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.158
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.115
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.56
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40351.json"