In the Linux kernel, the following vulnerability has been found:
               
A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem.
               
At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id.      
               
The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting.

CISA-ADP: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Canonical Ltd.: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Canonical Ltd.: CWE-787

CISA-ADP: https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/

Canonical Ltd.: https://ubuntu.com/security/CVE-2025-0927

Canonical Ltd.: https://ubuntu.com/security/notices/USN-7276-1

kernel.org: https://www.kernel.org/