{"id":"AZL-66842","summary":"CVE-2025-38716 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix general protection fault in hfs_find_init()\n\nThe hfs_find_init() method can trigger the crash\nif tree pointer is NULL:\n\n[   45.746290][ T9787] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KAI\n[   45.747287][ T9787] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]\n[   45.748716][ T9787] CPU: 2 UID: 0 PID: 9787 Comm: repro Not tainted 6.16.0-rc3 #10 PREEMPT(full)\n[   45.750250][ T9787] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   45.751983][ T9787] RIP: 0010:hfs_find_init+0x86/0x230\n[   45.752834][ T9787] Code: c1 ea 03 80 3c 02 00 0f 85 9a 01 00 00 4c 8d 6b 40 48 c7 45 18 00 00 00 00 48 b8 00 00 00 00 00 fc\n[   45.755574][ T9787] RSP: 0018:ffffc90015157668 EFLAGS: 00010202\n[   45.756432][ T9787] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff819a4d09\n[   45.757457][ T9787] RDX: 0000000000000008 RSI: ffffffff819acd3a RDI: ffffc900151576e8\n[   45.758282][ T9787] RBP: ffffc900151576d0 R08: 0000000000000005 R09: 0000000000000000\n[   45.758943][ T9787] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000004\n[   45.759619][ T9787] R13: 0000000000000040 R14: ffff88802c50814a R15: 0000000000000000\n[   45.760293][ T9787] FS:  00007ffb72734540(0000) GS:ffff8880cec64000(0000) knlGS:0000000000000000\n[   45.761050][ T9787] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   45.761606][ T9787] CR2: 00007f9bd8225000 CR3: 000000010979a000 CR4: 00000000000006f0\n[   45.762286][ T9787] Call Trace:\n[   45.762570][ T9787]  \u003cTASK\u003e\n[   45.762824][ T9787]  hfs_ext_read_extent+0x190/0x9d0\n[   45.763269][ T9787]  ? submit_bio_noacct_nocheck+0x2dd/0xce0\n[   45.763766][ T9787]  ? __pfx_hfs_ext_read_extent+0x10/0x10\n[   45.764250][ T9787]  hfs_get_block+0x55f/0x830\n[   45.764646][ T9787]  block_read_full_folio+0x36d/0x850\n[   45.765105][ T9787]  ? __pfx_hfs_get_block+0x10/0x10\n[   45.765541][ T9787]  ? const_folio_flags+0x5b/0x100\n[   45.765972][ T9787]  ? __pfx_hfs_read_folio+0x10/0x10\n[   45.766415][ T9787]  filemap_read_folio+0xbe/0x290\n[   45.766840][ T9787]  ? __pfx_filemap_read_folio+0x10/0x10\n[   45.767325][ T9787]  ? __filemap_get_folio+0x32b/0xbf0\n[   45.767780][ T9787]  do_read_cache_folio+0x263/0x5c0\n[   45.768223][ T9787]  ? __pfx_hfs_read_folio+0x10/0x10\n[   45.768666][ T9787]  read_cache_page+0x5b/0x160\n[   45.769070][ T9787]  hfs_btree_open+0x491/0x1740\n[   45.769481][ T9787]  hfs_mdb_get+0x15e2/0x1fb0\n[   45.769877][ T9787]  ? __pfx_hfs_mdb_get+0x10/0x10\n[   45.770316][ T9787]  ? find_held_lock+0x2b/0x80\n[   45.770731][ T9787]  ? lockdep_init_map_type+0x5c/0x280\n[   45.771200][ T9787]  ? lockdep_init_map_type+0x5c/0x280\n[   45.771674][ T9787]  hfs_fill_super+0x38e/0x720\n[   45.772092][ T9787]  ? __pfx_hfs_fill_super+0x10/0x10\n[   45.772549][ T9787]  ? snprintf+0xbe/0x100\n[   45.772931][ T9787]  ? __pfx_snprintf+0x10/0x10\n[   45.773350][ T9787]  ? do_raw_spin_lock+0x129/0x2b0\n[   45.773796][ T9787]  ? find_held_lock+0x2b/0x80\n[   45.774215][ T9787]  ? set_blocksize+0x40a/0x510\n[   45.774636][ T9787]  ? sb_set_blocksize+0x176/0x1d0\n[   45.775087][ T9787]  ? setup_bdev_super+0x369/0x730\n[   45.775533][ T9787]  get_tree_bdev_flags+0x384/0x620\n[   45.775985][ T9787]  ? __pfx_hfs_fill_super+0x10/0x10\n[   45.776453][ T9787]  ? __pfx_get_tree_bdev_flags+0x10/0x10\n[   45.776950][ T9787]  ? bpf_lsm_capable+0x9/0x10\n[   45.777365][ T9787]  ? security_capable+0x80/0x260\n[   45.777803][ T9787]  vfs_get_tree+0x8e/0x340\n[   45.778203][ T9787]  path_mount+0x13de/0x2010\n[   45.778604][ T9787]  ? kmem_cache_free+0x2b0/0x4c0\n[   45.779052][ T9787]  ? __pfx_path_mount+0x10/0x10\n[   45.779480][ T9787]  ? getname_flags.part.0+0x1c5/0x550\n[   45.779954][ T9787]  ? putname+0x154/0x1a0\n[   45.780335][ T9787]  __x64_sys_mount+0x27b/0x300\n[   45.780758][ T9787]  ? __pfx___x64_sys_mount+0x10/0x10\n[   45.781232][ T9787] \n---truncated---","modified":"2026-04-01T05:21:03.674189Z","published":"2025-09-04T16:15:41Z","upstream":["CVE-2025-38716"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38716"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66842.json"}}],"schema_version":"1.7.5"}