CVE-2023-53838

CVE-2023-53838 — Linux kernel f2fs atomic write aborts race has concrete details in connected sources: the vulnerability affects the f2fs implementation in the Linux kernel, arising from a race condition between atomic write aborts that can leave a COW inode in an inconsistent state. The root cau...

CVE-2023-53835

The CVE-2023-53835 entry concerns the Linux kernel ext4 filesystem: when remounting from read-only to read/write, SB_RDONLY can be cleared before quota is initialized, potentially triggering a WARN_ON_ONCE(dquot_initialize_needed(inode)) in ext4_xattr_block_set(). The issue is documented with a d...

CVE-2023-53835

...

CVE-2023-53829 f2fs: flush inode if atomic file is aborted

In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2fs f2fsabortatomicwrite+0xc4/0xf0...

CVE-2022-50673

In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in listaddvalid+0x28/0x1a0 Read of size 8 at addr...

CVE-2022-50668 ext4: fix deadlock due to mbcache entry corruption

In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4xattrblockset where we constantly keep finding xattr block for reuse in mbcache but we are unable to...

DEBIAN-CVE-2023-53804

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfsroot in nilfsevictinode During unmount process of nilfs2, nothing holds nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter. However, since nilfsevictinode uses...

CVE-2022-50638

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in estreesearch caused by bad boot loader inode We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extentsstatus.c:203! invalid opcode: 0000 1 PREEMP...

SUSE CVE-2022-50620

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to invalidate dcc-f2fsissuediscard in error path Syzbot reports a NULL pointer dereference issue as below: refcountadd include/linux/refcount.h:193 inline refcountinc include/linux/refcount.h:250 inline refcountinc...

CVE-2023-53810 blk-mq: release crypto keyslot before reporting I/O complete

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...

PT-2025-49699

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to ext4 filesystem handling of extended attributes xattrs. A deadlock situation can occur during manipulation of xattr blocks due to mbcache ent...

Phoenix Contact FL SWITCH 信任管理问题漏洞

The PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A trust management issue vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3.50, which stems from undocumented UART ports and hardcoded credentials that could result in a partial...

PT-2025-49815

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

Qnap QTS and QuTS hero Path Traversal (CVE-2025-30271)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following...

PT-2025-49726

In the Linux kernel, the following vulnerability has been resolved: ext4: don't clear SB RDONLY when remounting r/w until quota is re-enabled When a file system currently mounted read/only is remounted read/write, if we clear the SB RDONLY flag too early, before the quota is initialized, and ther...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ext4mbusepreallocated not handling rbtree traversals correctly, which could lead to overlapping preallocated...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a corrupted ext4 filesystem mbcache entry, which could lead to a deadlock...

CVE-2025-40312

In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 "isofs: Verify inode mode when loading from disk" does...

CVE-2025-27020

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...

CVE-2025-27020

CVE-2025-27020 affects Infinera MTC-9 due to an improper SSH service configuration. A misconfigured SSH implementation allows an unauthenticated attacker to execute arbitrary commands and read/write filesystem data over the network. Affected versions are R22.1.1.0275 up to, but not including, R23...