Impact
In the Linux kernel’s HFS+ file‑system implementation, the hfs_bnode_create function can erroneously return an existing node without increasing its reference count. This flaw, classified as CWE-911 and an additional unspecified category (NVD-CWE-Other), manifests when hfs_bmap_alloc tries to create a node that already exists in the hash table. When that node is later released, the kernel detects that its reference counter has dropped to zero and triggers a BUG, causing a kernel panic. This loss of availability is a direct result of the improper error handling path.
Affected Systems
All Linux kernel versions that include the HFS+ driver and are capable of mounting or manipulating HFS+ volumes are affected. The vulnerability manifests when hfs_bmap_alloc attempts to create a node that is already present in the hash table—an error condition that can arise from filesystem corruption or a faulty allocation request. Systems using older kernel releases that have not incorporated the fix are susceptible.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score of <1% reflects a very low but non‑zero predicted exploitation likelihood, and the vulnerability is not listed in CISA’s KEV catalog. An attacker would need either local access to a running system with an HFS+ mount or the capability to supply a corrupted HFS+ volume to trigger the fault. While no widespread exploitation has been observed, the kernel panic can be leveraged for denial‑of‑service attacks in environments where HFS+ is in use.
OpenCVE Enrichment
Debian DLA
Ubuntu USN