-

CVE-2025-40200

EPSS 0.06%
Veröffentlicht 12.11.2025 21:56:33
Zuletzt bearbeitet 14.11.2025 16:42:30
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: reject negative file sizes in squashfs_read_inode()

Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs.

This warning is ultimately caused because the underlying Squashfs file
system returns a file with a negative file size.

This commit checks for a negative file size and returns EINVAL.

[phillip@squashfs.org.uk: only need to check 64 bit quantity]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 54170057a5fadd24a37b70de41e61d39284d9bd7

Version 6545b246a2c815a8fcd07d58240effb6ec3481b1

Status affected

Version < 2871c74caa3f4f05b429e6bfefebac62dbf1b408

Version 6545b246a2c815a8fcd07d58240effb6ec3481b1

Status affected

Version < fbfc745db628de31f5c089147deeb87e95b89e66

Version 6545b246a2c815a8fcd07d58240effb6ec3481b1

Status affected

Version < 8118f66124895829443d09c207e654adcb2f9321

Version 6545b246a2c815a8fcd07d58240effb6ec3481b1

Status affected

Version < 8c7aad76751816207fee556d44aa88a710824810

Version 6545b246a2c815a8fcd07d58240effb6ec3481b1

Status affected

Version < 875fb3f87ae0225b881319ba016a1a8c4ffd5812

Version 6545b246a2c815a8fcd07d58240effb6ec3481b1

Status affected

Version < f271155ff31aca8ef82c61c8df23ca97e9a77dd4

Version 6545b246a2c815a8fcd07d58240effb6ec3481b1

Status affected

Version < 9f1c14c1de1bdde395f6cc893efa4f80a2ae3b2b

Version 6545b246a2c815a8fcd07d58240effb6ec3481b1

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.29

Status affected

Version < 2.6.29

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.301

Status unaffected

Version <= 5.10.*

Version 5.10.246

Status unaffected

Version <= 5.15.*

Version 5.15.195

Status unaffected

Version <= 6.1.*

Version 6.1.157

Status unaffected

Version <= 6.6.*

Version 6.6.113

Status unaffected

Version <= 6.12.*

Version 6.12.54

Status unaffected

Version <= 6.17.*

Version 6.17.4

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.193

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/54170057a5fadd24a37b70de41e61d39284d9bd7

https://git.kernel.org/stable/c/2871c74caa3f4f05b429e6bfefebac62dbf1b408

https://git.kernel.org/stable/c/fbfc745db628de31f5c089147deeb87e95b89e66

https://git.kernel.org/stable/c/8118f66124895829443d09c207e654adcb2f9321

https://git.kernel.org/stable/c/8c7aad76751816207fee556d44aa88a710824810

https://git.kernel.org/stable/c/875fb3f87ae0225b881319ba016a1a8c4ffd5812

https://git.kernel.org/stable/c/f271155ff31aca8ef82c61c8df23ca97e9a77dd4

https://git.kernel.org/stable/c/9f1c14c1de1bdde395f6cc893efa4f80a2ae3b2b

https://nvd.nist.gov/vuln/detail/CVE-2025-40200

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40200

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40200

EUVD