CVE-2025-40200: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-40200 affects the Linux kernel's Squashfs filesystem implementation. The vulnerability was discovered when Syskaller reported a 'WARNING in ovlcopyup_file' in overlayfs, caused by the underlying Squashfs file system returning a file with a negative file size (Debian Security, Ubuntu Security).

The vulnerability exists in the squashfsreadinode() function where the filesystem fails to properly validate file sizes, allowing negative values to be processed. This issue affects multiple Linux kernel versions and distributions, including various Ubuntu releases and Debian distributions. The vulnerability was addressed by implementing a check for negative file size values and returning EINVAL when detected (AttackerKB).

When exploited, this vulnerability could lead to system warnings and potential filesystem manipulation in systems using overlayfs with Squashfs as the underlying filesystem. The issue affects multiple Linux distributions and kernel versions, particularly impacting systems that utilize Squashfs filesystem functionality (Ubuntu Security).

The vulnerability has been patched in various Linux distributions. Fixed versions are available in Debian bookworm (6.1.158-1), trixie (6.12.57-1), and forky/sid (6.17.8-1). Ubuntu has also released patches for affected versions. Users are advised to update their systems to the latest available kernel version (Debian Security).