CVE-2025-71230 - Vulnerability Details

- hfs: ensure sb->s_fs_info is always cleaned up

Description

In the Linux kernel, the following vulnerability has been resolved:

hfs: ensure sb->s_fs_info is always cleaned up

When hfs was converted to the new mount api a bug was introduced by
changing the allocation pattern of sb->s_fs_info. If setup_bdev_super()
fails after a new superblock has been allocated by sget_fc(), but before
hfs_fill_super() takes ownership of the filesystem-specific s_fs_info
data it was leaked.

Fix this by freeing sb->s_fs_info in hfs_kill_super().

Published: 2026-02-18

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

When the HFS filesystem was migrated to the new mount API, a bug was introduced that incorrectly managed the allocation of sb->s_fs_info. If the superblock setup fails after allocation but before ownership is transferred by hfs_fill_super(), the allocated structure is never freed and a memory leak occurs. The object remains allocated in kernel memory, leading to gradual exhaustion of free memory with repeated failed mount attempts. The vulnerability does not directly provide code execution or data disclosure, but persistent leaks can degrade system stability over time.

Affected Systems

The flaw affects all Linux kernel releases that include the HFS filesystem implementation. Since the CPE string references the entire Linux kernel and no specific version is listed, any kernel containing the buggy HFS mounting logic is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.5 classifies the issue as moderate, reflecting that the leak requires local action involving a failed mount operation. The EPSS score of <1% suggests exploitation is unlikely in the wild at the time of this analysis. The vulnerability is not currently listed in the CISA KEV catalog. The attack likely requires a user with the ability to trigger mount operations, potentially elevating privileges through repeated exhaustion, but no direct remote exploitation path is documented. The risk is increased for systems that mount HFS images frequently from untrusted sources or that operate under tight memory constraints.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ffcd06b6d13b72823aba0d7c871f7e4876e7916b`	affected	< 46c1d56ad321fb024761abd9af61a0cb616cf2f6
`ffcd06b6d13b72823aba0d7c871f7e4876e7916b`	affected	< 399219831514126bc9541e8eadefe02c6fbd9166
`ffcd06b6d13b72823aba0d7c871f7e4876e7916b`	affected	< 05ce49a902be15dc93854cbfc20161205a9ee446

Linux

affected

Version	Status	Constraints
`6.13`	affected	—
`0`	unaffected	< 6.13
`6.18.11`	unaffected	≤ 6.18.*
`6.19.1`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,46c1d56ad321fb024761abd9af61a0cb616cf2f6)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,399219831514126bc9541e8eadefe02c6fbd9166)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.18.11,6.19.0)`	unaffected	semver	—
`[6.19.1,6.20.0)`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest kernel update that includes the hfs_kill_super() fix to eliminate the memory leak
Reboot the system after installing the updated kernel to ensure all kernel memory is cleared
If an immediate kernel update is not possible, consider disabling HFS support or preventing mount attempts of HFS filesystems from untrusted sources

Generated by OpenCVE AI on April 21, 2026 at 15:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/05ce49a902be15dc93854cbfc20161205a9ee446
https://git.kernel.org/stable/c/399219831514126bc9541e8eadefe02c6fbd9166
https://git.kernel.org/stable/c/46c1d56ad321fb024761abd9af61a0cb616cf2f6
https://lore.kernel.org/linux-cve-announce/2026021804-CVE-2025-71230-8e25@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71230
https://www.cve.org/CVERecord?id=CVE-2025-71230

History

Wed, 18 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 23 Feb 2026 03:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/05ce49a902be15dc93854cbfc20161205a9ee446

Fri, 20 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026021804-CVE-2025-71230-8e25@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71230 https://www.cve.org/CVERecord?id=CVE-2025-71230

Wed, 18 Feb 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock has been allocated by sget_fc(), but before hfs_fill_super() takes ownership of the filesystem-specific s_fs_info data it was leaked. Fix this by freeing sb->s_fs_info in hfs_kill_super().
Title		hfs: ensure sb->s_fs_info is always cleaned up
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/399219831514126bc9541e8eadefe02c6fbd9166 https://git.kernel.org/stable/c/46c1d56ad321fb024761abd9af61a0cb616cf2f6

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-18T14:53:14.519Z

Updated: 2026-05-11T21:56:51.030Z

Reserved: 2026-02-18T14:25:13.844Z

Link: CVE-2025-71230

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-18T16:22:29.743

Modified: 2026-03-18T17:18:58.160

Link: CVE-2025-71230

Redhat

Severity :

Publid Date: 2026-02-18T00:00:00Z

Links: CVE-2025-71230 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-21T16:00:13Z

Weaknesses

NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object