17753 matches found
PT-2025-40419
Name of the Vulnerable Software and Affected Versions affected versions not specified Description An unauthenticated debug port may allow access to the device file system. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2025-47718
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s Network File System daemon NFSD related to the handling of NFSv4 COMPOUND operations. Specifically, a previous change removed a limit on the number of...
SUSE CVE-2023-53457
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the...
SUSE CVE-2023-53485
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:1965:6 index -84 is out of range for type 's8341' aka 'signed char341'...
curl: Unsanitized IPFS CID Allows SSRF Against Configured Gateway
Summary: ipfsurlrewrite in src/toolipfs.c decodes the host component CID of ipfs:// / ipns:// URLs using CURLUURLDECODE and then concatenates that decoded value directly into the gateway path aprintf"%s%s/%s%s", ... without normalization or validation. A crafted host value for example...
USN-7774-4 linux-kvm vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...
USN-7789-1 linux-oracle-6.14 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACP...
CVE-2023-53457
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the...
UBUNTU-CVE-2023-53486
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check This combines the overflow and boundary check so that all attribute size will be properly examined while enumerating them. 169.181521 BUG: KASAN: slab-out-of-bounds in...
UBUNTU-CVE-2022-50465
In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commit journal blocks is unused, make sure to zero it out so that uninitialized memory is not leaked to disk...
CVE-2023-53511 io_uring: fix fget leak when fs don't support nowait buffered read
In the Linux kernel, the following vulnerability has been resolved: iouring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using iouring doing link-cp on ocfs2. 1 Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile...
CVE-2022-50465 ext4: fix leaking uninitialized memory in fast-commit journal
In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commit journal blocks is unused, make sure to zero it out so that uninitialized memory is not leaked to disk...
CVE-2022-50460
The CVE-2022-50460 issue is in the Linux kernel CIFS logic: an xid leak in cifs_flock() when flock is used can leak xid on early return (-ENOLCK). Multiple connected advisories (Astra Linux, Unity Linux, EulerOS, SUSE) cite the same description and confirm a fix in the kernel. The vulnerability i...
CVE-2022-50456 btrfs: fix resolving backrefs for inline extent followed by prealloc
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs for inline extent followed by prealloc If a file consists of an inline extent followed by a regular or prealloc extent, then a legitimate attempt to resolve a logical address in the non-inline region...
CVE-2022-50455
CVE-2022-50455 entry is rejected/not used per the Initial Description.
CVE-2022-50451 fs/ntfs3: Fix memory leak on ntfs_fill_super() error path
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak on ntfsfillsuper error path syzbot reported kmemleak as below: BUG: memory leak unreferenced object 0xffff8880122f1540 size 32: comm "a.out", pid 6664, jiffies 4294939771 age 25.500s hex dump first 32...
CVE-2023-53486
CVE-2023-53486 affects the Linux kernel ntfs3 implementation. The fixed issue is a combined overflow/boundary check in attribute size validation during NTFS attribute enumeration, which could lead to slab-out-of-bounds access (KASAN) when mounting or reading NTFS volumes. The description and conn...
CVE-2023-53485 fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:1965:6 index -84 is out of range for type 's8341' aka 'signed char341'...
CVE-2023-53457 FS: JFS: Fix null-ptr-deref Read in txBegin
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the...
CVE-2023-53457
CVE-2023-53457 : In Linux kernel, JFS txBegin can NULL-deref when called on a read-only superblock; fix adds a read-only filesystem check before txBegin and returns an appropriate error code. Exploitation status and exact patch details beyond this description are not provided in the supplied docu...