squashfs
About this tag
SquashFS is a compressed, read-only filesystem commonly used in live Linux images, embedded devices, and container layers. On WindowsForum.com, recent discussions focus on security vulnerabilities and bug fixes in the Linux kernel's SquashFS implementation. Topics include CVE-2024-26982, which addresses invalid inode zero handling that could cause out-of-bounds access; CVE-2025-40200, which fixes negative file size handling; and CVE-2025-40049, which resolves an uninitialized parent inode read. These patches prevent crashes, denial-of-service, and potential information exposure. The tag covers kernel updates, filesystem integrity, and security patches relevant to SquashFS.
A subtle validation bug in the Linux kernel’s SquashFS implementation — tracked as CVE-2024-26982 — has been fixed upstream after researchers and automated testing tools found that a malformed SquashFS image could leave an inode with an invalid number of zero and later trigger an out‑of‑bounds...
The Linux kernel community has closed a small but important correctness hole in SquashFS: a recent patch makes squashfs_read_inode explicitly reject negative file sizes, returning EINVAL when a malformed image claims a negative size. The change addresses a Syzkaller-discovered warning in...
A terse but important Linux kernel correction landed this month to close a Syzkaller/KMSAN‑reported memory-safety gap in SquashFS: a previously uninitialized parent inode value could be read by squashfs_get_parent, and the upstream patch initializes that field to 0 so bad file handles return...