CVE-2025-71271 - Vulnerability Details

- hfsplus: ensure sb->s_fs_info is always cleaned up

Description

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: ensure sb->s_fs_info is always cleaned up

When hfsplus was converted to the new mount api a bug was introduced by
changing the allocation pattern of sb->s_fs_info. If setup_bdev_super()
fails after a new superblock has been allocated by sget_fc(), but before
hfsplus_fill_super() takes ownership of the filesystem-specific s_fs_info
data it was leaked.

Fix this by freeing sb->s_fs_info in hfsplus_kill_super().

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the Linux kernel’s HFS+ filesystem module causes a memory leak when a superblock is allocated but subsequent initialization fails. The kernel fails to free the filesystem‑specific data structure sb->s_fs_info, leaving it allocated and unwieldy. Repeated failures of mounting an HFS+ filesystem with the new mount API can therefore accumulate unused memory, which may ultimately exhaust system memory and degrade or halt kernel scheduling, resulting in a denial of service. The weakness is represented by CWE‑763 (Resource Leak).

Affected Systems

The vulnerability affects all Linux kernel builds that include the default HFS+ filesystem module. No specific kernel version is specified, so any kernel running a version that has not yet been patched to free sb->s_fs_info during superblock cleanup is potentially impacted. This includes common vendor distributions that ship their own kernel copies.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity. The EPSS score of 0.00022 indicates a very low probability of exploitation, and the issue is not listed in CISA KEV. Based on the description, it is inferred that the attack vector is local privileged, requiring the attacker to execute a mount operation for an HFS+ filesystem using the new API. The vulnerability can be triggered by failed mount attempts, which could arise from malicious software purposely causing such failures or from automatic mounting of removable media with corrupted or unsupported HFS+ partitions. The exploit conditions do not require network access or remote code execution, but repeated failures can lead to resource exhaustion and service degradation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`432f7c78cb000a3151fa0d39585b000312f50d7e`	affected	< 0bcfebb83b5460d5be4e5c9dfb19cdaf3d4cb1db
`432f7c78cb000a3151fa0d39585b000312f50d7e`	affected	< 1e38d32bb04d85a2c81204a85a34878a497128c8
`432f7c78cb000a3151fa0d39585b000312f50d7e`	affected	< 126fb0ce99431126b44a6c360192668c818f641f

Linux

affected

Version	Status	Constraints
`6.13`	affected	—
`0`	unaffected	< 6.13
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[432f7c78cb000a3151fa0d39585b000312f50d7e,0bcfebb83b5460d5be4e5c9dfb19cdaf3d4cb1db)`	affected	code_commit	—
`[432f7c78cb000a3151fa0d39585b000312f50d7e,1e38d32bb04d85a2c81204a85a34878a497128c8)`	affected	code_commit	—
`[432f7c78cb000a3151fa0d39585b000312f50d7e,126fb0ce99431126b44a6c360192668c818f641f)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.13`	affected	generic	—
`[0,6.13)`	unaffected	generic	—
`[6.18.16,6.18.*]`	unaffected	generic	—
`[6.19.6,6.19.*]`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the kernel to a patched version where the hfsplus_kill_super() function frees sb->s_fs_info during superblock cleanup.
Reboot or reload the kernel to ensure the updated HFS+ module is in active use.
If an immediate kernel update is not possible, restrict the use of the HFS+ mount command to trusted administrators and monitor system memory usage for signs of leaking resources.
Disable automatic mounting of HFS+ filesystems if they are not needed in the environment.

Generated by OpenCVE AI on May 12, 2026 at 23:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0bcfebb83b5460d5be4e5c9dfb19cdaf3d4cb1db
https://git.kernel.org/stable/c/126fb0ce99431126b44a6c360192668c818f641f
https://git.kernel.org/stable/c/1e38d32bb04d85a2c81204a85a34878a497128c8
https://lore.kernel.org/linux-cve-announce/2026050614-CVE-2025-71271-6cab@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71271
https://www.cve.org/CVERecord?id=CVE-2025-71271

History

Tue, 12 May 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Thu, 07 May 2026 04:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400 CWE-404

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-763
References		https://lore.kernel.org/linux-cve-announce/2026050614-CVE-2025-71271-6cab@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71271 https://www.cve.org/CVERecord?id=CVE-2025-71271
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400 CWE-404

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb->s_fs_info is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock has been allocated by sget_fc(), but before hfsplus_fill_super() takes ownership of the filesystem-specific s_fs_info data it was leaked. Fix this by freeing sb->s_fs_info in hfsplus_kill_super().
Title		hfsplus: ensure sb->s_fs_info is always cleaned up
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0bcfebb83b5460d5be4e5c9dfb19cdaf3d4cb1db https://git.kernel.org/stable/c/126fb0ce99431126b44a6c360192668c818f641f https://git.kernel.org/stable/c/1e38d32bb04d85a2c81204a85a34878a497128c8

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:05.321Z

Updated: 2026-05-11T21:57:10.064Z

Reserved: 2026-03-17T09:08:18.458Z

Link: CVE-2025-71271

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:27.090

Modified: 2026-05-12T21:25:25.097

Link: CVE-2025-71271

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2025-71271 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-12T23:45:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object