Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003232)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003232 advisory. The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002202)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002202 advisory. Buffer overflow in the nfs4getacluncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service memory...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002739)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002739 advisory. The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setupntlmv2rsp that allows an attacker controlling a CIFS...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003166)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003166 advisory. The addfreenid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002918)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002918 advisory. The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002235)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002235 advisory. Off-by-one error in the builduncpathtoroot function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service memory...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002106)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002106 advisory. Race condition in the smbsendrqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service NULL pointer...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002013)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002013 advisory. The udfpctochar function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denia...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003113)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003113 advisory. The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service system crash via a long RPC...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002339 advisory. The udfpctochar function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denia...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001775 advisory. The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002027)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002027 advisory. The fusefillwritepages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service infinite loop via a writev system ca...

CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

CVE-2025-71069

In the Linux kernel, the following vulnerability has been resolved: f2fs: invalidate dentry cache on failed whiteout creation F2FS can mount filesystems with corrupted directory depth values that get runtime-clamped to MAXDIRHASHDEPTH. When RENAMEWHITEOUT operations are performed on such...

CVE-2026-20820

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

CVE-2025-71105

In the Linux kernel, the following vulnerability has been resolved: f2fs: use global inlinexattrslab instead of per-sb slab cache As Hong Yun reported in mailing list: loop7: detected capacity change from 0 to 131072 ------------ cut here ------------ kmemcache of name 'f2fsxattrentry-7:7' alread...

CVE-2025-71106 fs: PM: Fix reverse check in filesystems_freeze_callback()

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystemsfreezecallback The freezeallptr check in filesystemsfreezecallback introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

CVE-2025-71107 f2fs: ensure node page reads complete before f2fs_put_super() finishes

In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fsputsuper finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs dm-0: detect filesystem reference count leak during umount, type: 9, count: ...

CVE-2025-71105

In the Linux kernel, the following vulnerability has been resolved: f2fs: use global inlinexattrslab instead of per-sb slab cache As Hong Yun reported in mailing list: loop7: detected capacity change from 0 to 131072 ------------ cut here ------------ kmemcache of name 'f2fsxattrentry-7:7' alread...

CVE-2025-71105

CVE-2025-71105 documents a Linux kernel issue in f2fs where two slab caches (f2fs_xattr_entry-7:3 and f2fs_xattr_entry-7:7) with identical slab sizes cause kmem_cache_sanity_check warnings during mount operations. The root cause is using per-sb slab caches instead of a single global slab, leading...