Squashfs Vulnerability in Linux Kernel Affecting Overlayfs Functionality
CVE-2025-40200
What is CVE-2025-40200?
In the Linux kernel, a vulnerability in the Squashfs file system has been identified that causes a 'WARNING in ovl_copy_up_file' when overlayfs is used. The issue occurs because the underlying Squashfs returns a negative file size, which leads to improper error handling and file operations. The fix adds a check for negative file sizes to the squashfs_read_inode() function, which now returns an EINVAL error when a negative file size is encountered. This improves the stability and reliability of overlayfs within the Linux kernel.
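The check described above, as an added user-space illustration (not the kernel's code and not taken from the patch): it assumes the size is stored on disk as a 64-bit little-endian field and loaded into a signed 64-bit offset. The helper names and sample bytes are constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's signed file offset type (assumption: 64-bit). */
typedef int64_t sq_off_t;

/* Decode a 64-bit little-endian on-disk field. */
static uint64_t le64_decode(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Before the fix: the on-disk value is stored into the signed size as-is. */
int read_size_unchecked(const unsigned char *field, sq_off_t *size)
{
    /* Wraps to a negative value when the top bit is set (gcc/clang). */
    *size = (sq_off_t)le64_decode(field);
    return 0;
}

/* After the fix: a negative size is rejected with -EINVAL at inode read time. */
int read_size_checked(const unsigned char *field, sq_off_t *size)
{
    sq_off_t v = (sq_off_t)le64_decode(field);
    if (v < 0)
        return -EINVAL;   /* never hand a negative size to upper layers */
    *size = v;
    return 0;
}

/* Constructed sample fields: 4096 bytes, and a value with the sign bit set. */
const unsigned char SIZE_OK[8]  = {0x00, 0x10, 0, 0, 0, 0, 0, 0};
const unsigned char SIZE_BAD[8] = {0, 0, 0, 0, 0, 0, 0, 0x80};

int main(void)
{
    sq_off_t s = 0;
    printf("unchecked: rc=%d ", read_size_unchecked(SIZE_BAD, &s));
    printf("size=%lld\n", (long long)s);
    printf("checked:   rc=%d\n", read_size_checked(SIZE_BAD, &s));
    printf("checked:   rc=%d ", read_size_checked(SIZE_OK, &s));
    printf("size=%lld\n", (long long)s);
    return 0;
}
```

Rejecting the value where the inode is read means every consumer of the size, overlayfs included, only ever sees a non-negative length.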
Affected Version(s)
Linux 6545b246a2c815a8fcd07d58240effb6ec3481b1 < 54170057a5fadd24a37b70de41e61d39284d9bd7
Linux 6545b246a2c815a8fcd07d58240effb6ec3481b1 < 2871c74caa3f4f05b429e6bfefebac62dbf1b408
Linux 6545b246a2c815a8fcd07d58240effb6ec3481b1