cve/rejected/2025/CVE-2025-0927.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-0927: heap overflow in the hfs and hfsplus filesystems with manually crafted filesystem
 Message-Id: <2025033057-CVE-2025-0927-1436@gregkh>
 Content-Length: 1237
 Lines: 44
 X-Developer-Signature: v=1; a=openpgp-sha256; l=1282;
  i=gregkh@linuxfoundation.org; h=from:subject:message-id;
  bh=24YKsWa1+pcWtPVrEfnNLs37hr22ATNBBnnZSYkE3Aw=;
  b=owGbwMvMwCRo6H6F97bub03G02pJDOkvJ+99FWtvFLg0sqh+zaLNqwyW3lJOzegKcdnRuVTYM
  UXZW/1xRywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAExEIYFhflDNjCNPGb41/M9l
  /f9eMtJmgd77EIYFk/fWvslaUxBbZJHAu9vu+aVox213AA==
 X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
  fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29

 Description
 ===========

 In the Linux kernel, the following vulnerability has been found:

 A heap overflow in the hfs and hfsplus filesystems can happen if a user
 mounts a manually crafted filesystem.

 At this point in time, it is not fixed in any released kernel version,
 this is a stop-gap report to notify that kernel.org is now the owner of
 this CVE id.

 The Linux kernel CVE team has been assigned CVE-2025-0927 as it was
 incorrectly created by a different CNA that really should have known
 better to not have done this.to this issue.


 Affected and fixed versions
 ===========================

 	All released kernel versions are affected.

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-0927
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/hfs/bnode.c
 	fs/hfsplus/bnode.c


 Mitigation
 ==========

 Do not allow users to mount untrusted filesystem images.
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-0927: heap overflow in the hfs and hfsplus filesystems with manually crafted filesystem
	Message-Id: <2025033057-CVE-2025-0927-1436@gregkh>
	Content-Length: 1237
	Lines: 44
	X-Developer-Signature: v=1; a=openpgp-sha256; l=1282;
	i=gregkh@linuxfoundation.org; h=from:subject:message-id;
	bh=24YKsWa1+pcWtPVrEfnNLs37hr22ATNBBnnZSYkE3Aw=;
	b=owGbwMvMwCRo6H6F97bub03G02pJDOkvJ+99FWtvFLg0sqh+zaLNqwyW3lJOzegKcdnRuVTYM
	UXZW/1xRywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAExEIYFhflDNjCNPGb41/M9l
	/f9eMtJmgd77EIYFk/fWvslaUxBbZJHAu9vu+aVox213AA==
	X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
	fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29

	Description
	===========

	In the Linux kernel, the following vulnerability has been found:

	A heap overflow in the hfs and hfsplus filesystems can happen if a user
	mounts a manually crafted filesystem.

	At this point in time, it is not fixed in any released kernel version,
	this is a stop-gap report to notify that kernel.org is now the owner of
	this CVE id.

	The Linux kernel CVE team has been assigned CVE-2025-0927 as it was
	incorrectly created by a different CNA that really should have known
	better to not have done this.to this issue.


	Affected and fixed versions
	===========================

	All released kernel versions are affected.

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-0927
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/hfs/bnode.c
	fs/hfsplus/bnode.c


	Mitigation
	==========

	Do not allow users to mount untrusted filesystem images.