CVE-2025-40049

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/10/2025
Last modified:
30/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: fix uninit-value in squashfs_get_parent

Syzkaller reports a "KMSAN: uninit-value in squashfs_get_parent" bug.

This is caused by open_by_handle_at() being called with a file handle containing an invalid parent inode number. In particular the inode number is that of a symbolic link, rather than a directory.

Squashfs_get_parent() gets called with that symbolic link inode, and accesses the parent member field.

    unsigned int parent_ino = squashfs_i(inode)->parent;

Because non-directory inodes in Squashfs do not have a parent value, this is uninitialised, and this causes an uninitialised value access.

The fix is to initialise parent with the invalid inode 0, which will cause an EINVAL error to be returned.

Regular inodes used to share the parent field with the block_list_start field. This is removed in this commit to enable the parent field to contain the invalid inode number 0.

Impact