CVE-2025-40200 is a Linux kernel vulnerability in the SquashFS filesystem driver. It stems from a missing check for negative inode sizes, which lets a malformed SquashFS image trigger a warning in overlayfs. The fix, merged into the stable kernel update stream, makes squashfs_read_inode explicitly reject negative file sizes by returning EINVAL. The patch is conservative and low-risk, so distributions can backport it. The vulnerability was discovered by syzkaller. Although this is a Linux-specific issue, Windows users running virtual machines or WSL with SquashFS images may be indirectly affected. This tag covers the vulnerability details, the patch, and its impact on system stability.
-
The Linux kernel community has closed a small but important correctness hole in SquashFS: a recent patch makes squashfs_read_inode explicitly reject negative file sizes, returning EINVAL when a malformed image claims a negative size. The change addresses a syzkaller-discovered warning in...