Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Search vulnerabilities and malicious packages across npm, PyPI, Go, GitHub Actions, VS Code, and more.

CVE-2025-40200 | Mondoo Vulnerability Intelligence

CVE-2025-40200

UNKNOWN

Squashfs: reject negative file sizes in squashfs_read_inode()

Published Nov 12, 2025

Modified 3 weeks ago

No fix available

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: reject negative file sizes in squashfs_read_inode()

Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs.

This warning is ultimately caused because the underlying Squashfs file system returns a file with a negative file size.

This commit checks for a negative file size and returns EINVAL.

[phillip@squashfs.org.uk: only need to check 64 bit quantity]

PublishedNov 12, 2025

ModifiedDec 1, 2025