CVE-2025-40049
Squashfs: fix uninit-value in squashfs_get_parent
Description
In the Linux kernel, the following vulnerability has been resolved:

Squashfs: fix uninit-value in squashfs_get_parent

Syzkaller reports a "KMSAN: uninit-value in squashfs_get_parent" bug.

This is caused by open_by_handle_at() being called with a file handle containing an invalid parent inode number. In particular the inode number is that of a symbolic link, rather than a directory.

Squashfs_get_parent() gets called with that symbolic link inode, and accesses the parent member field.

    unsigned int parent_ino = squashfs_i(inode)->parent;

Because non-directory inodes in Squashfs do not have a parent value, this is uninitialised, and this causes an uninitialised value access.

The fix is to initialise parent with the invalid inode 0, which will cause an EINVAL error to be returned.

Regular inodes used to share the parent field with the block_list_start field. This is removed in this commit to enable the parent field to contain the invalid inode number 0.
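A simplified userspace model of the bug and the fix described above, added here as an example (it is not kernel code and not taken from the patch). The struct layouts, `lookup_parent`, the `POISON` fill and the sample inode and block values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum kind { KIND_DIR, KIND_REG, KIND_SYMLINK };
#define POISON 0xA5 /* constructed stand-in for stale, uninitialised memory */

/* Pre-fix model: parent shares storage with block_list_start. */
struct info_before { union { uint64_t block_list_start; unsigned int parent; } u; };
/* Post-fix model: parent has its own storage. */
struct info_after { uint64_t block_list_start; unsigned int parent; };

/* Model of the inode lookup: inode number 0 is invalid and yields -EINVAL. */
static long long lookup_parent(unsigned int parent_ino)
{
    return parent_ino == 0 ? -EINVAL : (long long)parent_ino;
}

/* Pre-fix: only the field matching the inode type is ever written. */
long long get_parent_before(enum kind k, uint64_t blk, unsigned int parent)
{
    struct info_before i;
    memset(&i, POISON, sizeof(i));
    if (k == KIND_DIR)
        i.u.parent = parent;
    else if (k == KIND_REG)
        i.u.block_list_start = blk;   /* aliases parent */
    return lookup_parent(i.u.parent); /* symlink: stale bytes are used */
}

/* Post-fix: parent defaults to the invalid inode 0 for every inode type. */
long long get_parent_after(enum kind k, uint64_t blk, unsigned int parent)
{
    struct info_after i;
    memset(&i, POISON, sizeof(i));
    i.parent = 0;
    if (k == KIND_DIR)
        i.parent = parent;
    else if (k == KIND_REG)
        i.block_list_start = blk;
    return lookup_parent(i.parent);
}

int main(void)
{
    printf("symlink: before=%lld after=%lld\n",
           get_parent_before(KIND_SYMLINK, 0, 0), get_parent_after(KIND_SYMLINK, 0, 0));
    return 0;
}
```

In the pre-fix model a symbolic link yields whatever bytes were left in memory and a regular file yields part of its block offset, while the post-fix model returns -EINVAL for both.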
INFO
Published Date: Oct. 28, 2025, 12:15 p.m.
Last Modified: Oct. 28, 2025, 12:15 p.m.
Remotely Exploit: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the kernel patch for Squashfs.
- Update your Linux kernel to the latest version.
- Ensure parent inode numbers are validated.
- Test the fix in a controlled environment.
The following table lists the changes that have been made to the
CVE-2025-40049 vulnerability over time.
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 28, 2025
- Added Description: Squashfs: fix uninit-value in squashfs_get_parent (full text as given under Description above)
- Added Reference: https://git.kernel.org/stable/c/1b3ccd0019132880c94bb00ca7088c1749308f82
- Added Reference: https://git.kernel.org/stable/c/61d38b5ce2782bff3cacaacbb8164087a73ed1a5
- Added Reference: https://git.kernel.org/stable/c/74058c0a9fc8b2b4d5f4a0ef7ee2cfa66a9e49cf
- Added Reference: https://git.kernel.org/stable/c/81a2bca52d43fc9d9abf07408b91255131c5dc53
- Added Reference: https://git.kernel.org/stable/c/91b99db7a92e57ff48a96a1b10fddfd2547e7f53
- Added Reference: https://git.kernel.org/stable/c/c28b0ca029edf5d0558abcd76cb8c732706cd339