APPLIED: [SRU][F][PATCH 0/1] CVE-2025-37782
Manuel Diewald
manuel.diewald at canonical.com
Fri Jun 13 13:05:16 UTC 2025
On Fri, May 23, 2025 at 01:58:34AM +0300, Cengiz Can wrote:
> https://ubuntu.com/security/CVE-2025-37782
>
> [ Impact ]
>
> Attila Szász discovered that the HFS+ file system implementation in the Linux
> Kernel contained a heap overflow vulnerability. An attacker could use a
> specially crafted file system image that, when mounted, could cause a denial of
> service (system crash) or possibly execute arbitrary code.
>
> [ Fix ]
>
> SAUCE patch is getting replaced with upstream commit instead.
>
> Trusty: cherry picked from upstream
> Xenial: cherry picked from upstream
> Bionic: cherry picked from upstream
> Focal: cherry picked from upstream
>
> Jammy: will receive from stable updates
> Noble: will receive from stable updates
> Oracular: will receive from stable updates
>
> [ Test Plan ]
>
> Compile tested only.
>
> [ Where Problems Could Occur ]
>
> Users that mount legacy Apple HFS+ drives might encounter warnings.
>
Applied to focal:linux/master-next. Thanks!
--
Manuel