CVE-2025-40049
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

Squashfs: fix uninit-value in squashfs_get_parent

Syzkaller reports a "KMSAN: uninit-value in squashfs_get_parent" bug.

This is caused by open_by_handle_at() being called with a file handle containing an invalid parent inode number. In particular the inode number is that of a symbolic link, rather than a directory.

Squashfs_get_parent() gets called with that symbolic link inode, and accesses the parent member field.

    unsigned int parent_ino = squashfs_i(inode)->parent;

Because non-directory inodes in Squashfs do not have a parent value, this is uninitialised, and this causes an uninitialised value access.

The fix is to initialise parent with the invalid inode 0, which will cause an EINVAL error to be returned.

Regular inodes used to share the parent field with the block_list_start field. This is removed in this commit to enable the parent field to contain the invalid inode number 0.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-10-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's Squashfs filesystem. It occurs because the function squashfs_get_parent() accesses an uninitialized 'parent' field when called with a symbolic link inode instead of a directory inode. This happens because non-directory inodes in Squashfs do not have a valid parent value, leading to an uninitialized value access. The issue arises when open_by_handle_at() is called with a file handle containing an invalid parent inode number, specifically that of a symbolic link. The fix involved initializing the parent field with an invalid inode number 0, which causes an error to be returned instead of accessing uninitialized memory.
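To make the two layouts concrete, the following is an added example in C. It is not kernel code and not the patch itself; it models the inode field arrangement the commit message describes before the fix (parent sharing storage with block_list_start, and never written for symlinks) and after it (a separate parent field set to the invalid inode number 0 for every non-directory), and mirrors the lookup that turns inode number 0 into EINVAL. Everything here is an assumption made for the demonstration: the three-inode image, the inode type names, the SQ_MAX_INODE bound, and the 0xAA fill that stands in for whatever stale bytes a kmalloc'd inode would really contain.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Inode types in the toy image (the real Squashfs type codes differ). */
enum sq_type { SQ_DIR = 1, SQ_FILE = 2, SQ_SYMLINK = 3 };

/* Layout before the fix: one storage slot, two meanings.  Directories wrote
 * it as parent, regular files as block_list_start, symlinks never wrote it. */
struct sq_inode_before {
    enum sq_type type;
    unsigned int ino;
    union {
        unsigned int parent;
        unsigned int block_list_start;
    };
};

/* Layout after the fix: parent is its own field and is always written,
 * with 0 (an invalid inode number) for every non-directory inode. */
struct sq_inode_after {
    enum sq_type type;
    unsigned int ino;
    unsigned int parent;
    unsigned int block_list_start;
};

/* Constructed three-inode image (not a real Squashfs image).
 * Inode numbers are 1-based; 0 is invalid, as in Squashfs. */
struct disk_inode { enum sq_type type; unsigned int parent; unsigned int blocks; };
#define IMAGE_INODES 3u
static const struct disk_inode image[IMAGE_INODES + 1] = {
    [1] = { SQ_DIR,     1, 0    },  /* root directory, its own parent    */
    [2] = { SQ_SYMLINK, 0, 0    },  /* symlink: no parent stored on disk */
    [3] = { SQ_FILE,    0, 0x40 },  /* regular file, block list at 0x40  */
};
/* Stand-in for the inode-count bound the lookup checks against.  Set larger
 * than the image so a stray value like 0x40 passes the range check, as it
 * could on a real image with many inodes. */
#define SQ_MAX_INODE 100u

/* kmalloc() stand-in: real slab memory holds whatever was freed there last;
 * filling with 0xAA just makes the "uninitialised" bytes reproducible. */
static void *alloc_inode(size_t n)
{
    void *p = malloc(n);
    if (p)
        memset(p, 0xAA, n);
    return p;
}

/* The check that turns an invalid parent inode number into -EINVAL. */
static long inode_lookup(unsigned int ino)
{
    if (ino == 0 || ino > SQ_MAX_INODE)
        return -EINVAL;
    return ino;
}

/* Before the fix: read the parent slot of inode `ino` as the old layout left it. */
static unsigned int read_parent_before(unsigned int ino)
{
    struct sq_inode_before *i;
    unsigned int parent;

    if (ino == 0 || ino > IMAGE_INODES)
        return 0;
    i = alloc_inode(sizeof *i);
    if (!i)
        return 0;
    i->type = image[ino].type;
    i->ino = ino;
    if (i->type == SQ_DIR)
        i->parent = image[ino].parent;
    else if (i->type == SQ_FILE)
        i->block_list_start = image[ino].blocks;  /* aliases parent */
    /* SQ_SYMLINK: the slot is never written */
    parent = i->parent;                            /* the uninit-value read */
    free(i);
    return parent;
}

/* After the fix: every inode type writes parent; non-directories write 0. */
static unsigned int read_parent_after(unsigned int ino)
{
    struct sq_inode_after *i;
    unsigned int parent;

    if (ino == 0 || ino > IMAGE_INODES)
        return 0;
    i = alloc_inode(sizeof *i);
    if (!i)
        return 0;
    i->type = image[ino].type;
    i->ino = ino;
    i->parent = (i->type == SQ_DIR) ? image[ino].parent : 0;
    if (i->type == SQ_FILE)
        i->block_list_start = image[ino].blocks;  /* no longer aliases parent */
    parent = i->parent;
    free(i);
    return parent;
}

/* squashfs_get_parent() stand-ins: parent inode number, or -EINVAL. */
static long get_parent_before(unsigned int ino) { return inode_lookup(read_parent_before(ino)); }
static long get_parent_after(unsigned int ino)  { return inode_lookup(read_parent_after(ino)); }

int main(void)
{
    unsigned int ino;
    for (ino = 1; ino <= IMAGE_INODES; ino++)
        printf("inode %u: before parent=0x%08x (lookup %ld), after parent=%u (lookup %ld)\n",
               ino, read_parent_before(ino), get_parent_before(ino),
               read_parent_after(ino), get_parent_after(ino));
    return 0;
}
```

Two things show up when this runs. For the symlink (inode 2), the old layout hands back the fill pattern 0xAAAAAAAA, which is whatever the allocator left behind and happens here to fail the range check; on a real system that value is unpredictable. For the regular file (inode 3), the old layout hands back block_list_start, 0x40, which passes the range check and would be treated as the parent's inode number. With the separate, zero-initialised field, both cases are rejected with EINVAL and only the directory resolves.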


How can this vulnerability impact me?

The bug is a read of an uninitialised field in kernel memory. A caller that passes open_by_handle_at() a file handle whose parent inode number refers to a symbolic link on a mounted Squashfs image makes squashfs_get_parent() read a parent inode number that was never written, so whatever happened to be in that memory is used as the inode number to look up. Syzkaller found it through KMSAN, which reports uses of uninitialised values; the commit message describes no further consequence, so the confirmed impact is that use of a stale value, not a demonstrated crash or privilege escalation. The fix initialises the field to the invalid inode number 0, so a handle built this way is rejected with EINVAL. Reaching the bug requires a Squashfs image to be mounted and the ability to call open_by_handle_at(), which the kernel subjects to its own permission check before decoding a handle.

