CVE-2025-40200
Squashfs: reject negative file sizes in squashfs_read_inode()
Description
In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is ultimately caused because the underlying Squashfs file system returns a file with a negative file size. This commit checks for a negative file size and returns EINVAL. [[email protected]: only need to check 64 bit quantity]
INFO
Published Date :
Nov. 12, 2025, 10:15 p.m.
Last Modified :
Nov. 12, 2025, 10:15 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2025-40200
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Update the Linux kernel to the latest stable version.
- Reboot the system after applying the update.
- Verify the integrity of the Squashfs file system.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-40200.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-40200 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-40200
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-40200 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-40200 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Nov. 12, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is ultimately caused because the underlying Squashfs file system returns a file with a negative file size. This commit checks for a negative file size and returns EINVAL. [[email protected]: only need to check 64 bit quantity] Added Reference https://git.kernel.org/stable/c/2871c74caa3f4f05b429e6bfefebac62dbf1b408 Added Reference https://git.kernel.org/stable/c/54170057a5fadd24a37b70de41e61d39284d9bd7 Added Reference https://git.kernel.org/stable/c/8118f66124895829443d09c207e654adcb2f9321 Added Reference https://git.kernel.org/stable/c/875fb3f87ae0225b881319ba016a1a8c4ffd5812 Added Reference https://git.kernel.org/stable/c/8c7aad76751816207fee556d44aa88a710824810 Added Reference https://git.kernel.org/stable/c/9f1c14c1de1bdde395f6cc893efa4f80a2ae3b2b Added Reference https://git.kernel.org/stable/c/f271155ff31aca8ef82c61c8df23ca97e9a77dd4 Added Reference https://git.kernel.org/stable/c/fbfc745db628de31f5c089147deeb87e95b89e66