This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting.
History

Wed, 18 Jun 2025 16:00:00 +0000

Type Values Removed Values Added
Metrics threat_severity

Moderate

threat_severity

None


Tue, 08 Apr 2025 09:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Tue, 08 Apr 2025 08:45:00 +0000


Tue, 08 Apr 2025 08:15:00 +0000

Type Values Removed Values Added
Description
Values Removed: In the Linux kernel, the following vulnerability has been found: A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem. At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id. The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.
Values Added: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting.

Wed, 02 Apr 2025 14:00:00 +0000

Type Values Removed Values Added
Title kernel: heap overflow in the hfs and hfsplus filesystems with manually crafted filesystem
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 31 Mar 2025 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Mon, 31 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Mon, 31 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Mon, 31 Mar 2025 08:15:00 +0000

Type Values Removed Values Added
Title HFS+ filesystem heap overflow

Sun, 30 Mar 2025 20:15:00 +0000

Type Values Removed Values Added
Title HFS+ filesystem heap overflow

Sun, 30 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Title HFS+ filesystem heap overflow
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Sun, 30 Mar 2025 19:00:00 +0000

Type Values Removed Values Added
Description
Values Removed: Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Values Added: In the Linux kernel, the following vulnerability has been found: A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem. At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id. The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Tue, 25 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 24 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 23 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Description Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Title HFS+ filesystem heap overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: REJECTED

Assigner: canonical

Published: 2025-03-23T15:00:47.770Z

Updated: 2025-04-08T08:07:06.833Z

Reserved: 2025-01-31T10:42:56.521Z

Link: CVE-2025-0927

Vulnrichment

Updated:

NVD

Status: Rejected

Published: 2025-03-23T15:15:12.537

Modified: 2025-04-08T08:15:14.863

Link: CVE-2025-0927

Red Hat

Severity:

Public Date: 2025-03-30T00:00:00Z

Links: CVE-2025-0927 - Bugzilla