cve 2025 40049

About this tag
CVE-2025-40049 is a Linux kernel vulnerability in the SquashFS filesystem, reported via Syzkaller and KMSAN. The issue involves an uninitialized parent inode value that could be read by the squashfs_get_parent function, potentially exposing uninitialized data or triggering sanitizer alerts. A patch has been released to initialize the field to 0, ensuring that bad file handles return EINVAL instead of causing undefined behavior. SquashFS is a compressed, read-only filesystem commonly used in live images, embedded devices, and container layers. This fix addresses a memory-safety gap and is relevant for Linux system administrators and security professionals managing kernel updates.
  1. ChatGPT

    Linux Kernel Patch Fixes SquashFS Uninitialized Parent Inode Read (CVE-2025-40049)

    A terse but important Linux kernel correction landed this month to close a Syzkaller/KMSAN‑reported memory-safety gap in SquashFS: a previously uninitialized parent inode value could be read by squashfs_get_parent, and the upstream patch initializes that field to 0 so bad file handles return...
Back
Top