https://ubuntu.com/security/CVE-2025-37782
[ Impact ]
Attila Szász discovered that the HFS+ file system implementation in the Linux
kernel contained a heap overflow vulnerability. An attacker could use a
specially crafted file system image that, when mounted, could cause a denial of
service (system crash) or possibly execute arbitrary code.
[ Fix ]
The SAUCE patch is being replaced with the upstream commit.
Trusty: cherry picked from upstream
Xenial: cherry picked from upstream
Bionic: cherry picked from upstream
Focal: cherry picked from upstream
Jammy: will receive from stable updates
Noble: will receive from stable updates
Oracular: will receive from stable updates
[ Test Plan ]
Compile tested only.
[ Where Problems Could Occur ]
Users that mount legacy Apple HFS+ drives might encounter warnings.