Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-0927

Опубликовано: 30 мар. 2025
Источник: redhat
CVSS3: 5.5

Описание

[REJECTED CVE] Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.

Отчет

This CVE has been rejected by the Linux kernel community. Refer to the announcement: https://lore.kernel.org/linux-cve-announce/2025052308-brittle-unbroken-888b@gregkh/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelNot affected
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2354340kernel: heap overflow in the hfs and hfsplus filesystems with manually crafted filesystem

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-0927

ubuntu
9 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting.

nvd логотип

CVE-2025-0927

nvd
9 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting.

github логотип

GHSA-xq2v-cc3g-cmw3

CVSS3: 7.8
github
9 месяцев назад

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.

fstec логотип

BDU:2025-03186

CVSS3: 7.8
fstec
11 месяцев назад

Уязвимость драйвера файловой системы HFS ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код

5.5 Medium

CVSS3