Acknowledged
Created: Oct 29, 2025
Updated: Oct 30, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]Squashfs: fix uninit-value in squashfs_get_parent[EOL][EOL]Syzkaller reports a "KMSAN: uninit-value in squashfs_get_parent" bug.[EOL][EOL]This is caused by open_by_handle_at() being called with a file handle[EOL]containing an invalid parent inode number. In particular the inode number[EOL]is that of a symbolic link, rather than a directory.[EOL][EOL]Squashfs_get_parent() gets called with that symbolic link inode, and[EOL]accesses the parent member field.[EOL][EOL]\tunsigned int parent_ino = squashfs_i(inode)->parent;[EOL][EOL]Because non-directory inodes in Squashfs do not have a parent value, this[EOL]is uninitialised, and this causes an uninitialised value access.[EOL][EOL]The fix is to initialise parent with the invalid inode 0, which will cause[EOL]an EINVAL error to be returned.[EOL][EOL]Regular inodes used to share the parent field with the block_list_start[EOL]field. This is removed in this commit to enable the parent field to[EOL]contain the invalid inode number 0.
