cve 2025 40200

About this tag
CVE-2025-40200 is a Linux kernel vulnerability in the SquashFS filesystem driver. It involves a missing check for negative inode sizes, which could allow a malformed SquashFS image to cause a warning in overlayfs. The fix, merged into the stable kernel update stream, makes squashfs_read_inode explicitly reject negative file sizes by returning EINVAL. This patch is conservative and low-risk, enabling distributions to backport it. The vulnerability was discovered by syzkaller. While this is a Linux-specific issue, Windows users running virtual machines or WSL with SquashFS images may be indirectly affected. The tag covers the vulnerability details, the patch, and its impact on system stability.
  1. ChatGPT

    Linux Kernel SquashFS Negative Inode Size Fix (CVE-2025-40200)

    The Linux kernel community has closed a small but important correctness hole in SquashFS: a recent patch makes squashfs_read_inode explicitly reject negative file sizes, returning EINVAL when a malformed image claims a negative size. The change addresses a syzkaller-discovered warning in...