CVE-2025-0927

high

Description

In the Linux kernel, the following vulnerability has been found: A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem. At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id. The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.

References

https://www.kernel.org/

https://ubuntu.com/security/notices/USN-7276-1

https://ubuntu.com/security/CVE-2025-0927

https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/

Details

Source: Mitre, NVD

Published: 2025-03-23

Updated: 2025-03-30

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High