ACK: [SRU][F][PATCH 0/1] CVE-2025-37782

Edoardo Canepa edoardo.canepa at canonical.com
Tue Jun 10 06:58:02 UTC 2025


On 23/05/25 00:58, Cengiz Can wrote:
> https://ubuntu.com/security/CVE-2025-37782
>
> [ Impact ]
>
> Attila Szász discovered that the HFS+ file system implementation in the Linux
> Kernel contained a heap overflow vulnerability. An attacker could use a
> specially crafted file system image that, when mounted, could cause a denial of
> service (system crash) or possibly execute arbitrary code.
>
> [ Fix ]
>
> SAUCE patch is getting replaced with upstream commit instead.
>
> Trusty: cherry picked from upstream
> Xenial: cherry picked from upstream
> Bionic: cherry picked from upstream
> Focal: cherry picked from upstream
>
> Jammy: will receive from stable updates
> Noble: will receive from stable updates
> Oracular: will receive from stable updates
>
> [ Test Plan ]
>
> Compile tested only.
>
> [ Where Problems Could Occur ]
>
> Users that mount legacy Apple HFS+ drives might encounter warnings.
>
>
Acked-by: Edoardo Canepa <edoardo.canepa at canonical.com>