Summary: A newly disclosed vulnerability, CVE-2025-0927, affects the Linux kernel, particularly for Ubuntu 22.04 users, and allows local privilege escalation through a heap overflow in the HFS+ file system. The flaw, present since 2005, could be exploited with specially crafted filesystems and does not require physical access. Ubuntu has released patches for this critical issue, assigning it a CVSS score of 7.8.
Affected: Ubuntu 22.04 with Linux Kernel 6.5.0-18-generic and Linux Kernel up to version 6.12.0
Key points:
- Vulnerability CVE-2025-0927 allows privilege escalation via heap overflow in the HFS+ file system.
- The flaw in the Linux kernel has existed since the initial git repository build in 2005.
- Ubuntu's default settings allow unprivileged users to mount corrupted images, increasing exploitability.
- A public proof-of-concept exploit has been released by a cybersecurity researcher.
- Users are strongly advised to apply the provided patches to mitigate risks.