[PATCH 1/2] published: CVE-2025-0927: Fix up JSON schema.
From: Siddh Raman Pant
Date: Wed Apr 02 2025 - 02:52:15 EST
It doesn't match the schema of other CVEs as it was not generated
by bippy.
Fixed by hand / manually.
programFiles were added from the info in mbox.
Signed-off-by: Siddh Raman Pant <siddh.raman.pant@xxxxxxxxxx>
---
cve/published/2025/CVE-2025-0927.json | 36 ++++++++-------------------
1 file changed, 11 insertions(+), 25 deletions(-)
diff --git a/cve/published/2025/CVE-2025-0927.json b/cve/published/2025/CVE-2025-0927.json
index 0a61961ede76..743e70d4b100 100644
--- a/cve/published/2025/CVE-2025-0927.json
+++ b/cve/published/2025/CVE-2025-0927.json
@@ -4,8 +4,13 @@
"affected": [
{
"defaultStatus": "unaffected",
- "product": "Linux Kernel",
+ "product": "Linux",
"vendor": "Linux",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "programFiles": [
+ "fs/hfs/bnode.c",
+ "fs/hfsplus/bnode.c",
+ ]
"versions": [
{
"status": "affected",
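Review bot: The added `programFiles` array is not valid JSON as written: there is a trailing comma after the last element (`"fs/hfsplus/bnode.c",`) and no comma between the closing `]` and the following `"versions"` key. A strict parser rejects the whole record, so tooling that ingests or publishes this file would fail on it rather than pick up the corrected fields. The two lines should read `"fs/hfsplus/bnode.c"` and `],`. Because the file is edited by hand, running it through a JSON parser (for example `jq .` or `python -m json.tool`) before sending would catch this class of error.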
@@ -17,26 +22,10 @@
"descriptions": [
{
"lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "In the Linux kernel, the following vulnerability has been found:<br> <br>A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem.<br> <br>At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id. <br> <br>The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.<br>"
- }
- ],
- "value": "In the Linux kernel, the following vulnerability has been found:\n \nA heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem.\n \nAt this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id. \n \nThe Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue."
- }
- ],
- "problemTypes": [
- {
- "descriptions": [
- {
- "description": "heap overflow in the hfs and hfsplus filesystems with manually crafted filesystem",
- "lang": "en"
- }
- ]
+ "value": "In the Linux kernel, the following vulnerability has been found:\n\nA heap overflow in the hfs and hfsplus filesystems can happen if a user\nmounts a manually crafted filesystem.\n\nAt this point in time, it is not fixed in any released kernel version,\nthis is a stop-gap report to notify that kernel.org is now the owner of\nthis CVE id.\n\nThe Linux kernel CVE team has been assigned CVE-2025-0927 as it was\nincorrectly created by a different CNA that really should have known\nbetter to not have done this to this issue."
}
],
+ "title": "heap overflow in the hfs and hfsplus filesystems with manually crafted filesystem",
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
@@ -45,21 +34,18 @@
"url": "https://www.kernel.org/"
}
],
- "source": {
- "discovery": "UNKNOWN"
- },
"x_generator": {
- "engine": "Vulnogram 0.2.0"
+ "engine": "Human fixing output of Vulnogram 0.2.0 for Linux"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
- "cveId": "CVE-2025-0927",
+ "cveID": "CVE-2025-0927",
"requesterUserId": "gregkh@xxxxxxxxxx",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
- "dataVersion": "5.1"
+ "dataVersion": "5.0"
}
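Review bot: The rename to `"cveID"` in `cveMetadata` departs from the CVE Record Format, which spells this property `cveId`. JSON keys are case-sensitive, so a validator or consumer that looks up `cveId` would no longer find the identifier in this file. If the rename only mirrors what bippy emits for the other records and the submission path regenerates `cveMetadata`, it is presumably harmless, but the commit message should confirm that. The same hunk lowers `dataVersion` from `5.1` to `5.0` without explanation; a clause in the description saying this is for consistency with the generated records would help later readers.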
--
2.47.2