CVE-2025-68820
In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails e.g. if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all() lacks error checking, this will lead to a null pointer...
CVE-2025-68820
The CVE-2025-68820 entry corresponds to a resolved Linux kernel issue in ext4: xattr, where ext4_get_inode_loc() failures could leave iloc.bh NULL and ext4_xattr_inode_dec_ref_all() would not check errors, causing a NULL dereference in ext4_raw_inode() after get_inode_loc(). The associated connec...
PT-2026-2552
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's ext4 implementation related to extended attribute handling. Specifically, a null pointer dereference can occur within the ext4 raw inode function if...
Linux Distros Unpatched Vulnerability : CVE-2025-68820
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails e.g. if it...
MiracleLinux 7 : kernel-3.10.0-1160.139.1.0.1.el7.AXS7 (AXSA:2025-11327:91)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11327:91 advisory. ext4: fix possible UAF when remounting r/o a mmp-protected file system CVE-2021-47342 ext4: fix memory leak in ext4_fill_super net: defer final...
MiracleLinux 9 : kernel-5.14.0-570.30.1.el9_6 (AXSA:2025-10778:57)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10778:57 advisory. kernel: media: uvcvideo: Fix double free in error path CVE-2024-57980 kernel: wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 kerne...
MiracleLinux 8 : kernel-4.18.0-553.66.1.el8_10 (AXSA:2025-10755:54)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10755:54 advisory. kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() CVE-2025-21928 kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in...
MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.14.el7.AXS7 (AXSA:2025-10933:76)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10933:76 advisory. x86/kvm: Disable kvmclock on all CPUs on shutdown CVE-2021-47110 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()...
CVE-2019-11059
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow...
Siemens Ruggedcom ROX Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0850)
A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
CLSA-2026-1767867153 kernel: Fix of 16 CVEs
crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-40186 - can:...
CLSA-2026-1767864313 kernel: Fix of 46 CVEs
mm: hugetlb: fix UAF in hugetlb_handle_userfault CVE-2022-50630 - drm/amdkfd: fix potential kgd_mem UAFs CVE-2023-53816 - net/mlx5e: Fix deadlock in tc route query code CVE-2023-53591 - PCI: Fix pci_device_is_present() for VFs by checking PF CVE-2022-50636 - wifi: ath11k: fix monitor mode bringup crash...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000468)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000468 advisory. The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000396)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000396 advisory. fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000450)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000450 advisory. In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000456)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000456 advisory. In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in...
Linux Distros Unpatched Vulnerability : CVE-2023-54187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix potential corruption when moving a directory F2FS has the same issue in ext4_rename causing crash revealed by xfstests/generic/707. See also commit...
CVE-2022-50845
In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: localhost fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 12-Sep-2022 Pass 1: Checking inodes, blocks, and sizes...
CVE-2023-54187
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential corruption when moving a directory F2FS has the same issue in ext4_rename causing crash revealed by xfstests/generic/707. See also commit 0813299c586b "ext4: Fix possible corruption when moving a directory"...