NuytsTech Security

CVE-2025-40200

by ·

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: reject negative file sizes in squashfs_read_inode()

Syskaller reports a “WARNING in ovl_copy_up_file” in overlayfs.

This warning is ultimately caused because the underlying Squashfs file
system returns a file with a negative file size.

This commit checks for a negative file size and returns EINVAL.

[phillip@squashfs.org.uk: only need to check 64 bit quantity]

More information : https://git.kernel.org/stable/c/2871c74caa3f4f05b429e6bfefebac62dbf1b408

Tags: