153 matches found
DEBIAN-CVE-2025-54389
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...
UBUNTU-CVE-2025-54389
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...
PT-2025-33306
Name of the Vulnerable Software and Affected Versions: AIDE versions prior to 0.19.2 Description: AIDE is susceptible to an improper output neutralization issue. An attacker can create a malicious filename containing terminal escape sequences to conceal file additions or removals from reports and...
Linux Distros Unpatched Vulnerability : CVE-2022-50083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: add EXT4INODEHASXATTRSPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inodesize is not less than EXT4GOODOLDINODESIZE +...
Linux Distros Unpatched Vulnerability : CVE-2018-12233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...
Linux Distros Unpatched Vulnerability : CVE-2024-40902
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of...
kernel: Squashfs: fix handling and sanity checking of xattr_ids count
In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattrids count A Sysbot 1 corrupted filesystem exposes two flaws in the handling and sanity checking of the xattrids count in the filesystem. Both of these flaws cause computation...
CBL Mariner 2.0 Security Update: kernel (CVE-2025-39735)
"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-39735 advisory. - In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eag...
SUSE CVE-2025-39735
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...
DEBIAN-CVE-2025-39735
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...
UBUNTU-CVE-2025-39735
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...
CVE-2025-39735
CVE-2025-39735 affects the Linux kernel's JFS: a slab-out-of-bounds read in ea_get() can occur when processing extended attributes. The root cause is an overflow during clamping of ea_size against EALIST_SIZE(ea_buf->xattr) due to int upper-bound handling, causing a negative size to be used in...
CVE-2025-39735 jfs: fix slab-out-of-bounds read in ea_get()
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...
CVE-2023-4458 Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...
jfs: Fix uninit-value access of new_ea in ea_buffer
...
kernel: ext4: do not create EA inode under buffer lock
A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock, this approach can lead to deadlocks, especially if the filesystem is corrupted...
UBUNTU-CVE-2024-49900
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ocfs2 file system not reserving enough space for an inline xattr before attaching a reflink tree...
kernel: ext4: do not create EA inode under buffer lock
A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock, this approach can lead to deadlocks, especially if the filesystem is corrupted...
kernel: ext4: do not create EA inode under buffer lock
A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock, this approach can lead to deadlocks, especially if the filesystem is corrupted...