CVE-2025-0927

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

08 Apr 2025, 08:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : unknown
References
  • {'url': 'https://www.kernel.org/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}
  • {'url': 'https://ubuntu.com/security/CVE-2025-0927', 'source': 'security@ubuntu.com'}
  • {'url': 'https://ubuntu.com/security/notices/USN-7276-1', 'source': 'security@ubuntu.com'}
CWE CWE-787
Summary
  • (es) Attila Szász discovered that the HFS+ file system implementation in the Linux kernel contained a stack overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Summary
  • (en) In the Linux kernel, the following vulnerability has been found: A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem. At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id. The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.
  • (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting.

31 Mar 2025, 15:15

Type Values Removed Values Added
CWE CWE-122

31 Mar 2025, 14:15

Type Values Removed Values Added
CWE CWE-122

30 Mar 2025, 19:15

Type Values Removed Values Added
References
  • () https://www.kernel.org/ -
Summary
  • (en) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
  • (en) In the Linux kernel, the following vulnerability has been found: A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem. At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id. The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.

25 Mar 2025, 14:15

Type Values Removed Values Added
Summary
  • (es) Attila Szász discovered that the HFS+ file system implementation in the Linux kernel contained a stack overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
References
  • () https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/ -

23 Mar 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-23 15:15

Updated : 2025-04-08 08:15


NVD link : CVE-2025-0927

Mitre link : CVE-2025-0927

CVE.ORG link : CVE-2025-0927

Products Affected

No product.

CWE

No CWE.