Buffer Overflow Vulnerability in Linux Kernel Affecting Squashfs Filesystem
CVE-2025-38415

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 25 July 2025

What is CVE-2025-38415?

A vulnerability in the Linux kernel's Squashfs filesystem can lead to a buffer overflow because block sizes are not properly validated when mounts run concurrently. When multiple instances attempt to mount a Squashfs filesystem simultaneously, a race condition can occur that leaves the block size incorrectly set to zero. Arithmetic operations then run on this invalid configuration, which may lead to critical system instability and potential data corruption. The issue has been addressed by implementing checks that ensure valid block sizes are returned.

Affected Version(s)

Linux 0aa666190509ffab81c202c5095a166be23961ac

Linux 0aa666190509ffab81c202c5095a166be23961ac < 549f9e3d7b60d53808c98b9fde49b4f46d0524a5

Linux 0aa666190509ffab81c202c5095a166be23961ac < 5c51aa862cbeed2f3887f0382a2708956710bd68

Timeline

  • Vulnerability published

  • Vulnerability Reserved
