U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2025-0927

Change History

CVE Modified by kernel.org 3/30/2025 3:15:14 PM

Action Type Old Value New Value
Changed Description 
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
 
In the Linux kernel, the following vulnerability has been found:
               
A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem.
               
At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id.      
               
The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.
Added Reference 

								
							
							
								
							
						
								
							
								
https://www.kernel.org/