CVE-2025-71069 f2fs: invalidate dentry cache on failed whiteout creation

In the Linux kernel, the following vulnerability has been resolved: f2fs: invalidate dentry cache on failed whiteout creation F2FS can mount filesystems with corrupted directory depth values that get runtime-clamped to MAXDIRHASHDEPTH. When RENAMEWHITEOUT operations are performed on such...

CVE-2025-68803 NFSD: NFSv4 file creation neglects setting ACL

In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL based on the mode bits and not the...

CVE-2025-68796

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zero-sized extent in extent cache As syzbot reported: F2FS-fs loop0: updateextenttreerange: extent len is zero, type: 0, extent 0, 0, 0, age 0, 0 ------------ cut here ------------ kernel BUG at...

CVE-2025-68784

CVE-2025-68784 pertains to the Linux kernel (xfs). The issue is a use-after-free in xattr repair where xchk_setup_xattr_buf can allocate a new value buffer, potentially leaving ab->value references dangling. The fix moves the assignment to after the buffer setup, mitigating the dangling refere...

CVE-2025-68772

The CVE-2025-68772 entry relates to the Linux kernel f2fs subsystem. The issue arises during writeback when compression context is updated for a possibly compressed file, leading to a race where i_cluster_size may be inconsistent (0 vs 4) and can trigger a divide-by-zero in f2fs_all_cluster_page_...

CVE-2025-68772 f2fs: fix to avoid updating compression context during writeback

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating compression context during writeback Bai, Shuangpeng reported a bug as below: Oops: divide error: 0000 1 SMP KASAN PTI CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 1 PREEMPTfull Hardware...

CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not assert that we found a block group item when creating a free space tree. Currently, when building a free space tree using populatefreespacetree, if the block group tree feature is not enabled, we always expect to fi...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: A infinite loop has been fixed in insertextenttree. When incorrect extent information is received, and extentnode is looked up in the RB tree, it can lead to an infinite loop CONFIGF2FSCHECKFS=n. To avoid this issue, a NULL...

kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

A vulnerability has been identified in the Linux kernel's Network File System NFS daemon that could allow for a Denial of Service and in worst case scenario Arbitrary Code Execution. This Use-After-Free flaw arises from a race condition when the kernel handles the confirmation of an NFS client...

PT-2026-2378

Name of the Vulnerable Software and Affected Versions Wondershare FamiSafe version 1.0 Description The software contains an unquoted service path issue within the FSService component. This could allow local users to potentially execute code with elevated privileges. The issue stems from an unquot...

PT-2026-2670

Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description A heap-based buffer overflow exists in the Windows Common Log File System Driver. Exploitation of this issue can allow an authorized attacker to elevate privileges locally. The issue...

Microsoft Windows NTFS 安全漏洞

Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...

Microsoft Windows Common Log File System Driver 安全漏洞

The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. access. A...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a clnextfreerec field in ocfs2findvictimchain that is 0 or greater than clcount, which could cause the kerne...

MiracleLinux 8 : kernel-4.18.0-553.78.1.el8_10 (AXSA:2025-10963:77)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10963:77 advisory. kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: NFS: Fix filehandle bounds checking in nfsfhtodentry CVE-2025-397...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential deadlock issue in f2fs, which could lead to a deadlock...

Linux Distros Unpatched Vulnerability : CVE-2025-68771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list...

MiracleLinux 9 : kernel-5.14.0-570.58.1.el9_6 (AXSA:2025-11021:85)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11021:85 advisory. kernel: vsock/virtio: Validate length in packet header before skbput CVE-2025-39718 kernel: NFS: Fix filehandle bounds checking in nfsfhtodentry...

ROS-20260113-7321

A vulnerability in the f2fssetattr function of the fs/f2fs/file.c module of the Linux kernel's F2FS file system support is related to improper control of resource identifiers "resource injection". Exploitation of the vulnerability may allow a remote intruder to affect the integrity of protected...