{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0927", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2025-01-31T10:42:56.521Z", "datePublished": "2025-03-23T15:00:47.770Z", "dateUpdated": "2025-03-26T03:55:20.806Z"}, "containers": {"cna": {"title": "HFS+ filesystem heap overflow", "datePublic": "2025-02-10T07:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"defaultStatus": "unaffected", "packageName": "linux", "platforms": ["Linux"], "product": "Ubuntu Linux", "vendor": "Canonical", "collectionURL": "https://launchpad.net/ubuntu/+source/linux", "repo": "https://code.launchpad.net/~ubuntu-kernel/+git", "modules": ["filesystem"], "programFiles": ["fs/hfsplus/bnode.c", "fs/hfsplus/brec.c"], "versions": [{"lessThan": "3.13.0-203.254", "version": "3.13", "status": "affected", "versionType": "semver"}, {"lessThan": "4.4.0-264.298", "version": "4.4", "status": "affected", "versionType": "semver"}, {"lessThan": "4.15.0-234.246", "version": "4.15", "status": "affected", "versionType": "semver"}, {"lessThan": "5.4.0-208.228", "version": "5.4", "status": "affected", "versionType": "semver"}, {"lessThan": "5.15.0-133.144", "version": "5.15", "status": "affected", "versionType": "semver"}, {"lessThan": "6.8.0-54.56", "version": "6.8", "status": "affected", "versionType": "semver"}, {"lessThan": "6.11.0-18.18", "version": "6.11", "status": "affected", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Attila Sz\u00e1sz discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code."}], "references": [{"url": "https://ubuntu.com/security/CVE-2025-0927"}, {"url": "https://ubuntu.com/security/notices/USN-7276-1"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "workarounds": [{"lang": "en", "value": "sudo tee /etc/modprobe.d/blacklist-hfs.conf > /dev/null <<EOF\n\nblacklist hfs\n\nblacklist hfsplus\n\ninstall hfs /bin/false\n\ninstall hfsplus /bin/false\n\nEOF"}], "credits": [{"lang": "en", "value": "Attila Sz\u00e1sz", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-03-23T15:00:47.770Z"}}, "adp": [{"references": [{"url": "https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-25T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-0927"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T03:55:20.806Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0927", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-25T13:14:26.397918Z"}}}], "references": [{"url": "https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T12:19:38.348Z"}}], "cna": {"title": "HFS+ filesystem heap overflow", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Attila Sz\u00e1sz"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://code.launchpad.net/~ubuntu-kernel/+git", "vendor": "Canonical", "modules": ["filesystem"], "product": "Ubuntu Linux", "versions": [{"status": "affected", "version": "3.13", "lessThan": "3.13.0-203.254", "versionType": "semver"}, {"status": "affected", "version": "4.4", "lessThan": "4.4.0-264.298", "versionType": "semver"}, {"status": "affected", "version": "4.15", "lessThan": "4.15.0-234.246", "versionType": "semver"}, {"status": "affected", "version": "5.4", "lessThan": "5.4.0-208.228", "versionType": "semver"}, {"status": "affected", "version": "5.15", "lessThan": "5.15.0-133.144", "versionType": "semver"}, {"status": "affected", "version": "6.8", "lessThan": "6.8.0-54.56", "versionType": "semver"}, {"status": "affected", "version": "6.11", "lessThan": "6.11.0-18.18", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "linux", "programFiles": ["fs/hfsplus/bnode.c", "fs/hfsplus/brec.c"], "collectionURL": "https://launchpad.net/ubuntu/+source/linux", "defaultStatus": "unaffected"}], "datePublic": "2025-02-10T07:00:00.000Z", "references": [{"url": "https://ubuntu.com/security/CVE-2025-0927"}, {"url": "https://ubuntu.com/security/notices/USN-7276-1"}], "workarounds": [{"lang": "en", "value": "sudo tee /etc/modprobe.d/blacklist-hfs.conf > /dev/null <<EOF\n\nblacklist hfs\n\nblacklist hfsplus\n\ninstall hfs /bin/false\n\ninstall hfsplus /bin/false\n\nEOF"}], "descriptions": [{"lang": "en", "value": "Attila Sz\u00e1sz discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-03-23T15:00:47.770Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0927", "state": "PUBLISHED", "dateUpdated": "2025-03-26T03:55:20.806Z", "dateReserved": "2025-01-31T10:42:56.521Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2025-03-23T15:00:47.770Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Attila Sz\u00e1sz discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code."}, {"lang": "es", "value": "Attila Sz\u00e1sz descubri\u00f3 que la implementaci\u00f3n del sistema de archivos HFS+ en el kernel de Linux conten\u00eda una vulnerabilidad de desbordamiento de pila. Un atacante podr\u00eda usar una imagen del sistema de archivos especialmente manipulada que, al montarse, podr\u00eda causar una denegaci\u00f3n de servicio (fallo del sistema) o posiblemente ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2025-0927", "lastModified": "2025-03-25T14:15:27.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2025-03-23T15:15:12.537", "references": [{"source": "security@ubuntu.com", "url": "https://ubuntu.com/security/CVE-2025-0927"}, {"source": "security@ubuntu.com", "url": "https://ubuntu.com/security/notices/USN-7276-1"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{}