DEBIAN-CVE-2024-49966

In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqisyncwork before freeing oinfo ocfs2globalreadinfo will initialize and schedule dqisyncwork at the end, if error occurs after successfully reading global quota, it will trigger the following warning with...

UBUNTU-CVE-2024-49957

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journalreset fails because of too short journal, then lead to jbd2journalload fails with NULL jsbbuffer. Subsequently, ocfs2journalshutdown calls...

SUSE CVE-2024-41016

In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2xattrfindentry xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this...

SUSE CVE-2024-42077

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2dioendiowrite estimates number of necessary transaction credits using ocfs2calcextendcredits. This however does not take into account that the IO cou...

DEBIAN-CVE-2024-41015

In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2checkdirentry This adds sanity checks for ocfs2direntry to make sure all members of ocfs2direntry don't stray beyond valid memory region...

SUSE CVE-2024-40951

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2aborttrigger bdev-bdsuper has been removed and commit 8887b94d9322 change the usage from bdev-bdsuper to bassocmap-host-isb. Since ocfs2 hasn't set bh-bassocmap, it will trigger NULL...

UBUNTU-CVE-2024-40951

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2aborttrigger bdev-bdsuper has been removed and commit 8887b94d9322 change the usage from bdev-bdsuper to bassocmap-host-isb. Since ocfs2 hasn't set bh-bassocmap, it will trigger NULL...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the ocfs2 file system in the ocfs2journaldirty function...

CVE-2021-47460

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 "fs: Don't invalidate page buffers in blockwritefullpage" uncovered a latent bug in ocfs2 conversion from inline inode format to a normal inode...

UBUNTU-CVE-2021-47458

In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIGFORTIFYSOURCE mouting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Problem seems to be that...

[SECURITY] [DLA 2806-1] glusterfs security update

Debian LTS Advisory DLA-2806-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 01, 2021 https://wiki.debian.org/LTS Package : glusterfs Version : 3.8.8-1+deb9u1 CVE ID : CVE-2018-1088 CVE-2018-10841 CVE-2018-10904 CVE-2018-10907 CVE-2018-10911...

DEBIAN-CVE-2017-18224

In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service BUG by modifying a certain ecpos field...

UBUNTU-CVE-2017-18204

The ocfs2setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service deadlock via DIO requests...

CVE-2011-0463

The ocfs2preparepageforwrite function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 OCFS2 subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized dis...

Design/Logic Flaw

The ocfs2preparepageforwrite function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 OCFS2 subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized dis...

CVE-2011-0463

The ocfs2preparepageforwrite function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 OCFS2 subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized dis...