CVE-2026-45915

In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...

CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

CVE-2026-45858 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1

In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...

SUSE CVE-2025-22240

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...

CrushFTP VFS - Sandbox Escape LFR

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. id: CVE-2024-4040 info: name: CrushFTP VFS - Sandbox Escape LFR author: DhiyaneshDK,pussycat0x severity:...

PT-2026-44112

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7 Description An issue exists in the hardware authentication system for Linux where shell injection can occur. A crafted UUID in the configuration can lead to root remote code execution when the pamusb-conf...

PT-2026-43968

In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap prepare change Partially reverts commit 9d5403b1036c "fs: convert most other generic file mmap users to .mmap prepare". This is because the .mmap invocation establishes a refcount, but .mmap prepare is called...

PT-2026-43827

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfs bnode create When hfs bnode create finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing...

CVE-2026-45864

fs/ntfs3: prevent infinite loops caused by the next valid being the same...

CVE-2026-45948

ext4: fix memory leak in ext4extshiftextents...

CVE-2026-45920

ext4: fix dirtyclusters double decrement on fs shutdown...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of the EXT4GETBLOCKSCONVERT flag when ext4 divides a partition without...

PT-2026-43809

In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple e4b bitmap check failures like: ext4 mb complex scan group:2508: gro...

PT-2026-43921

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from discontinuous gaps during block allocation in btrfs. This issue causes an EEXIST error in the...

PT-2026-44147

GM-374 Summary Multiple locations in Pimcore v11 call PHP's unserialize on data from database columns and filesystem files without the allowed classes restriction, enabling object injection if an attacker can control the serialized data source. Affected Component - Package: pimcore/pimcore and...

CVE-2026-46002

ext2: reject inodes with zero inlink and valid mode in ext2iget...

PT-2026-43876

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epf ntb epc destroy duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allow link fails or when .drop link is performed...

PT-2026-43787

In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4 put super associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324 ext...

PT-2026-43869

In the Linux kernel, the following vulnerability has been resolved: ext2: reject inodes with zero i nlink and valid mode in ext2 iget ext2 iget already rejects inodes with i nlink == 0 when i mode is zero or i dtime is set, treating them as deleted. However, the case of i nlink == 0 with a non-ze...