Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-71230

CVE-2025-71230: Linux Kernel HFS Information Disclosure

CVE-2025-71230 is an information disclosure vulnerability in the Linux kernel's HFS filesystem that causes memory leaks when mount operations fail. This article covers technical details, affected versions, and mitigations.

Published:

CVE-2025-71230 Overview

A memory leak vulnerability exists in the Linux kernel's HFS filesystem implementation. When HFS was converted to the new mount API, a bug was introduced that changed the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock has been allocated by sget_fc(), but before hfs_fill_super() takes ownership of the filesystem-specific s_fs_info data, the memory is leaked.

Critical Impact

This vulnerability can lead to kernel memory exhaustion through repeated mount failures, potentially causing system instability or denial of service conditions on systems that handle HFS filesystem mounts.

Affected Products

  • Linux Kernel (HFS filesystem component)
  • Systems with HFS filesystem support enabled
  • Linux distributions using affected kernel versions

Discovery Timeline

  • 2026-02-18 - CVE CVE-2025-71230 published to NVD
  • 2026-02-18 - Last updated in NVD database

Technical Details for CVE-2025-71230

Vulnerability Analysis

The vulnerability resides in the HFS filesystem driver within the Linux kernel. During the migration to the new mount API, the allocation and ownership semantics of the superblock's filesystem-specific information (sb->s_fs_info) were altered in a way that introduced a memory leak condition.

The issue occurs in a specific failure path: when setup_bdev_super() encounters an error after sget_fc() has successfully allocated a new superblock but before hfs_fill_super() has completed and taken ownership of the s_fs_info structure. In this window, the allocated memory has no owner responsible for freeing it, resulting in a memory leak.

Root Cause

The root cause is improper resource management during filesystem mount operations. The conversion to the new mount API changed when and how sb->s_fs_info is allocated and freed. The original implementation properly handled cleanup in all failure scenarios, but the new implementation introduced a gap where early failures in setup_bdev_super() would leave allocated memory orphaned without a cleanup handler registered.

Attack Vector

The vulnerability can be triggered through repeated mount operations targeting the HFS filesystem. An attacker with the ability to mount filesystems (either through direct system access or by influencing mount operations) could repeatedly trigger the failure condition to exhaust kernel memory. The attack vector requires local access to the system with sufficient privileges to attempt filesystem mounts.

The fix implemented in hfs_kill_super() ensures that sb->s_fs_info is properly freed during superblock destruction, closing the memory leak regardless of where in the mount process the failure occurs.

Detection Methods for CVE-2025-71230

Indicators of Compromise

  • Unusual kernel memory consumption growth over time
  • Repeated HFS mount failure messages in system logs
  • Kernel memory allocation warnings or out-of-memory conditions

Detection Strategies

  • Monitor system logs for repeated HFS mount failures using dmesg or syslog analysis
  • Track kernel slab allocations related to HFS filesystem structures
  • Implement kernel memory usage monitoring with alerting on abnormal growth patterns
  • Review mount operation logs for suspicious patterns of failed mount attempts

Monitoring Recommendations

  • Enable kernel memory debugging options to detect memory leaks
  • Configure system monitoring to alert on kernel memory exhaustion
  • Audit mount operations for HFS filesystems on affected systems
  • Implement rate limiting on filesystem mount operations where feasible

How to Mitigate CVE-2025-71230

Immediate Actions Required

  • Apply the kernel patches from the official Linux kernel git repository
  • Consider disabling HFS filesystem support if not required (CONFIG_HFS_FS=n)
  • Restrict mount privileges to trusted users only
  • Monitor systems for signs of memory exhaustion

Patch Information

The vulnerability has been resolved in the Linux kernel. The fix ensures sb->s_fs_info is properly freed in hfs_kill_super(), eliminating the memory leak in all failure scenarios. Official patches are available through the Linux kernel git repository:

Workarounds

  • Disable HFS filesystem support in kernel configuration if not required
  • Restrict filesystem mount operations to trusted administrators
  • Implement mount operation monitoring and rate limiting
  • Use containerization to isolate mount operations from the host kernel
bash
# Disable HFS filesystem module loading
echo "install hfs /bin/false" >> /etc/modprobe.d/disable-hfs.conf
echo "install hfsplus /bin/false" >> /etc/modprobe.d/disable-hfs.conf

# Unload the module if currently loaded
modprobe -r hfs 2>/dev/null || true
modprobe -r hfsplus 2>/dev/null || true

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.