675 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I...
SUSE CVE-2026-53272
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
CVE-2026-53015
A flaw was found in the Linux kernel's erofs filesystem. On 32-bit platforms, the lcn variable, used for logical cluster numbers, was defined as a 32-bit integer. This could lead to truncation when calculating offsets larger than 4 Gigabytes GiB, potentially causing incorrect data handling within...
CVE-2026-53272
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
UBUNTU-CVE-2026-53272
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
CVE-2026-53272
The CVE-2026-53272 entry concerns the EROFS filesystem in the Linux kernel. A use-after-free was fixed in sbi->sync_decompress: z_erofs_endio() queues z_erofs_decompressqueue_work(), then, after folios unlock, the unmount path can proceed and erofs_sb_free may kfree(sbi) before sbi->sync_de...
EUVD-2026-39223
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
CVE-2026-53272
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
Linux Distros Unpatched Vulnerability : CVE-2026-53015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-b...
EUVD-2026-38883
In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-bit platforms, which causes lcn lclusterbits to be truncated at 4 GiB...
CVE-2026-53015
In the Linux kernel’s EROFS code, the lcn field was typed as unsigned long (or unsigned int), which is 32-bit on 32-bit platforms, causing (lcn <
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: erofs: Proper handling of the end of the filesystem is required for file-backed mounts. I/O requests that go beyond the end of the filesystem should be set to zero, similar to the behavior of loopback devices. This is what we...
PT-2026-51909
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the erofs component where the lcn variable was typed as unsigned long or unsigned int. On 32-bit platforms, this variable is only 32 bits wide, leading to the truncati...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: erofs: Fixed invalid cases for encoded extents. Robert recently reported two corrupted images that can cause system crashes. These issues are related to the new encoded extents introduced in Linux 6.15: - The first image has...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: erofs: Avoid infinite loops caused by corrupted subpage compact indexes. Robert reported an infinite loop observed in two crafted images. The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: EROFs: Avoid linking hooked chains to prevent loops in deduplicated compressed images. After subjecting EROFS to heavy stress using several images that included a handcrafted image with repeated patterns for over 46 days, I...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis. Each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Corrected incorrect offset calculation The effective offset to be added to the length was incorrectly calculated, resulting in iomap-length being set to 0, which triggered a WARNON in iomapiterdone. This issue was...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Add GFPNOIO to the bio completion if necessary. The bio completion path in the process context e.g., dm-verity will directly call into decompression instead of triggering another workqueue context for minimal scheduling...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix for the missing unmap operation when zerofsgetextentcompressedlen fails. Otherwise, meta buffers could be leaked...