Wiz
Vulnerability DatabaseCVE-2025-40082

CVE-2025-40082
Linux Kernel vulnerability analysis and mitigation

Overview

A kernel vulnerability identified as CVE-2025-40082 was discovered in the HFS+ filesystem implementation. The issue was disclosed on October 28, 2025, and affects the hfsplus_uni2asc() function. This vulnerability has been assigned a CVSS v3.1 base score of 7.0, indicating a moderate severity level (Red Hat CVE).

Technical details

The vulnerability is characterized as a slab-out-of-bounds read in the hfsplus_uni2asc() function of the HFS+ filesystem implementation. It has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access vector, high attack complexity, low privileges required, no user interaction needed, and high impacts on confidentiality, integrity, and availability (Red Hat CVE).

Impact

The vulnerability could potentially lead to unauthorized access to system memory through a slab-out-of-bounds read operation, which could result in information disclosure, system crashes, or potential privilege escalation (Red Hat CVE).

Mitigation and workarounds

According to Red Hat's assessment, several major versions of Red Hat Enterprise Linux (RHEL) including versions 8, 9, and 10 are not affected by this vulnerability. RHEL 6 is out of support scope (Red Hat CVE).

Additional resources

SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-40082N/AN/A
  • Linux KernelLinux Kernel
  • linux
NoNoOct 28, 2025
CVE-2025-40081N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-modules-partner
NoNoOct 28, 2025
CVE-2025-40080N/AN/A
  • Linux KernelLinux Kernel
  • kernel-devel-matched
NoNoOct 28, 2025
CVE-2025-40078N/AN/A
  • Linux KernelLinux Kernel
  • kernel-devel
NoNoOct 28, 2025
CVE-2025-40075N/AN/A
  • Linux KernelLinux Kernel
  • kernel-tools
NoNoOct 28, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo