Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-40351
CVE-2025-40351
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): [ 70.682285][ T9333] ===================================================== [ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220 [ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220 [ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0 [ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310 [ 70.685048][ T9333] vfs_rmdir+0x5ba/0x810 [ 70.685447][ T9333] do_rmdir+0x964/0xea0 [ 70.685833][ T9333] __x64_sys_rmdir+0x71/0xb0 [ 70.686260][ T9333] x64_sys_call+0xcd8/0x3cf0 [ 70.686695][ T9333] do_syscall_64+0xd9/0x1d0 [ 70.687119][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.687646][ T9333] [ 70.687856][ T9333] Uninit was stored to memory at: [ 70.688311][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0 [ 70.688779][ T9333] hfsplus_create_cat+0x148e/0x1800 [ 70.689231][ T9333] hfsplus_mknod+0x27f/0x600 [ 70.689730][ T9333] hfsplus_mkdir+0x5a/0x70 [ 70.690146][ T9333] vfs_mkdir+0x483/0x7a0 [ 70.690545][ T9333] do_mkdirat+0x3f2/0xd30 [ 70.690944][ T9333] __x64_sys_mkdir+0x9a/0xf0 [ 70.691380][ T9333] x64_sys_call+0x2f89/0x3cf0 [ 70.691816][ T9333] do_syscall_64+0xd9/0x1d0 [ 70.692229][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.692773][ T9333] [ 70.692990][ T9333] Uninit was stored to memory at: [ 70.693469][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0 [ 70.693960][ T9333] hfsplus_create_cat+0x148e/0x1800 [ 70.694438][ T9333] hfsplus_fill_super+0x21c1/0x2700 [ 70.694911][ T9333] mount_bdev+0x37b/0x530 [ 70.695320][ T9333] hfsplus_mount+0x4d/0x60 [ 70.695729][ T9333] legacy_get_tree+0x113/0x2c0 [ 70.696167][ T9333] vfs_get_tree+0xb3/0x5c0 [ 70.696588][ T9333] do_new_mount+0x73e/0x1630 [ 70.697013][ T9333] path_mount+0x6e3/0x1eb0 [ 70.697425][ T9333] __se_sys_mount+0x733/0x830 [ 70.697857][ T9333] __x64_sys_mount+0xe4/0x150 [ 70.698269][ T9333] x64_sys_call+0x2691/0x3cf0 [ 70.698704][ T9333] do_syscall_64+0xd9/0x1d0 [ 70.699117][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.699730][ T9333] [ 70.699946][ T9333] Uninit was created at: [ 70.700378][ T9333] __alloc_pages_noprof+0x714/0xe60 [ 70.700843][ T9333] alloc_pages_mpol_noprof+0x2a2/0x9b0 [ 70.701331][ T9333] alloc_pages_noprof+0xf8/0x1f0 [ 70.701774][ T9333] allocate_slab+0x30e/0x1390 [ 70.702194][ T9333] ___slab_alloc+0x1049/0x33a0 [ 70.702635][ T9333] kmem_cache_alloc_lru_noprof+0x5ce/0xb20 [ 70.703153][ T9333] hfsplus_alloc_inode+0x5a/0xd0 [ 70.703598][ T9333] alloc_inode+0x82/0x490 [ 70.703984][ T9333] iget_locked+0x22e/0x1320 [ 70.704428][ T9333] hfsplus_iget+0x5c/0xba0 [ 70.704827][ T9333] hfsplus_btree_open+0x135/0x1dd0 [ 70.705291][ T9333] hfsplus_fill_super+0x1132/0x2700 [ 70.705776][ T9333] mount_bdev+0x37b/0x530 [ 70.706171][ T9333] hfsplus_mount+0x4d/0x60 [ 70.706579][ T9333] legacy_get_tree+0x113/0x2c0 [ 70.707019][ T9333] vfs_get_tree+0xb3/0x5c0 [ 70.707444][ T9333] do_new_mount+0x73e/0x1630 [ 70.707865][ T9333] path_mount+0x6e3/0x1eb0 [ 70.708270][ T9333] __se_sys_mount+0x733/0x830 [ 70.708711][ T9333] __x64_sys_mount+0xe4/0x150 [ 70.709158][ T9333] x64_sys_call+0x2691/0x3cf0 [ 70.709630][ T9333] do_syscall_64+0xd9/0x1d0 [ 70.710053][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.710611][ T9333] [ 70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17 [ 70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.712490][ T9333] ===================================================== [ 70.713085][ T9333] Disabling lock debugging due to kernel taint [ 70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ... [ 70.714159][ T9333] ---truncated---
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Published Dec 17, 2025
https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40351-55f8@gregkh/
CVSS Score
Medium
5.5
Ecosystem
Package
Version
Ecosystem
Package
Version
rpm
kernel
2.6.32-131.0.15.el6
rpm
kernel
2.6.32-131.12.1.el6
rpm
kernel
2.6.32-131.17.1.el6
rpm
kernel
2.6.32-131.2.1.el6
rpm
kernel
2.6.32-131.21.1.el6
rpm
kernel
2.6.32-131.4.1.el6
rpm
kernel
2.6.32-131.6.1.el6
rpm
kernel
2.6.32-220.13.1.el6
rpm
kernel
2.6.32-220.17.1.el6
rpm
kernel
2.6.32-220.2.1.el6
rpm
kernel
2.6.32-220.23.1.el6
rpm
kernel
2.6.32-220.4.1.el6
rpm
kernel
2.6.32-220.4.2.el6
rpm
kernel
2.6.32-220.7.1.el6
rpm
kernel
2.6.32-220.el6
rpm
kernel
2.6.32-279.1.1.el6
rpm
kernel
2.6.32-279.11.1.el6
rpm
kernel
2.6.32-279.14.1.el6
rpm
kernel
2.6.32-279.19.1.el6
rpm
kernel
2.6.32-279.2.1.el6
rpm
kernel
2.6.32-279.22.1.el6
rpm
kernel
2.6.32-279.5.1.el6
rpm
kernel
2.6.32-279.5.2.el6
rpm
kernel
2.6.32-279.9.1.el6
rpm
kernel
2.6.32-279.el6
rpm
kernel
2.6.32-358.0.1.el6
rpm
kernel
2.6.32-358.11.1.el6
rpm
kernel
2.6.32-358.14.1.el6
rpm
kernel
2.6.32-358.18.1.el6
rpm
kernel
2.6.32-358.2.1.el6
rpm
kernel
2.6.32-358.23.2.el6
rpm
kernel
2.6.32-358.6.1.el6
rpm
kernel
2.6.32-358.6.2.el6
rpm
kernel
2.6.32-358.el6
rpm
kernel
2.6.32-431.1.2.el6
rpm
kernel
2.6.32-431.11.2.el6
rpm
kernel
2.6.32-431.17.1.el6
rpm
kernel
2.6.32-431.20.3.el6
rpm
kernel
2.6.32-431.20.5.el6
rpm
kernel
2.6.32-431.23.3.el6
rpm
kernel
2.6.32-431.29.2.el6
rpm
kernel
2.6.32-431.3.1.el6
rpm
kernel
2.6.32-431.5.1.el6
rpm
kernel
2.6.32-431.el6
rpm
kernel
2.6.32-504.1.3.el6
rpm
kernel
2.6.32-504.12.2.el6
rpm
kernel
2.6.32-504.16.2.el6
rpm
kernel
2.6.32-504.23.4.el6
rpm
kernel
2.6.32-504.3.3.el6
rpm
kernel
2.6.32-504.30.3.el6
1-50 of 723
CVE-2025-40351 | Components Impacted | Sonatype Guide | Sonatype Guide
