Linux Distros Unpatched Vulnerability : CVE-2023-54153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch ext4: don't BUG on inconsistent journal feature that when...

PT-2025-53060

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s ext4 file system related to extended attribute handling. Specifically, the ext4 xattr move to block function contains an issue where memory could be...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ext4 file system not properly setting the target starting block, which could lead to out-of-bounds acces...

PT-2025-52978

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue was identified in the Linux kernel related to the ext4 filesystem. The problem involves incorrectly setting the goal start in the ext4 mb normalize request function. Specificall...

PT-2025-53148

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to ext4 quota handling. Specifically, a bug in the es tree search function can occur due to a bad quota inode. This issue arises when the inode...

PT-2025-53034

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the ext4 subsystem related to inode eviction with dioread nolock. Specifically, a warning could occur when evicting an inode, potentially due to...

SUSE CVE-2025-68337

In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bugon in jbd2journalgetcreateaccess when file system corrupted There's issue when file system corrupted: ------------ cut here ------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: invalid opcode: 0000 1 SMP...

kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values

A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CVE-2025-68337

CVE-2025-68337 concerns the Linux kernel: a JBD2/jbd2_journal_get_create_access path could trigger a BUG_ON under file-system corruption, potentially crashing the system. The issue arises when file-system data becomes inconsistent (e.g., block bitmap of a referenced block not set), allowing a blo...

RHEL 7 : kernel (RHSA-2025:23947)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23947 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Validate UAC...

ext4: refresh inline data size before write operations

...

kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values

A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...

SUSE CVE-2025-40361

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2025-68261

In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function ext4destroyinlinedatanolock changes the inode data layout by clearing EXT4INODEINLINEDATA and...

SUSE CVE-2025-68264

In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei-iinlinesize can become stale between the initial size check and when ext4updateinlinedata/ext4createinlinedata use it. Although ext4getmaxinlinesize reads the...

Oracle Linux 7 : kernel (ELSA-2025-21063)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21063 advisory. - HID: core: fix shift-out-of-bounds in hidreportrawevent CVE-2022-48978 Orabug: 38644370 - crypto: seqiv - Handle EBUSY correctly CVE-2023-53373...

EUVD-2025-203738

In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei-iinlinesize can become stale between the initial size check and when ext4updateinlinedata/ext4createinlinedata use it. Although ext4getmaxinlinesize reads the...

EUVD-2025-203741

In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function ext4destroyinlinedatanolock changes the inode data layout by clearing EXT4INODEINLINEDATA and...

EUVD-2025-203732

In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFPKERNEL to GFPNOFS to avoid deadlock The parent function ext4xattrinodelookupcreate already uses GFPNOFS for memory alloction, so the function ext4xattrinodecachefind should use same gfpflag...