22926 matches found
Astra Linux - уязвимость в f2fs-tools
There is an exploitable information disclosure vulnerability in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to an uninitialized read operation, resulting in information disclosure. An attacker can provide a malicious file to trigger this...
Astra Linux - уязвимость в f2fs-tools
There is an exploitable code execution vulnerability in the fsckchkorphannode functionality of the F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to a heap buffer overflow, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a NULL pointer dereferencing issue in smb2getinfofilesystem. If share is provided, share-path will be NULL, which can lead to a NULL pointer dereferencing issue...
Astra Linux - уязвимость в grub2
A out-of-bounds write flaw was discovered in grub2’s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, resulting in corruption of grub’s heap metadata. In some cases, the attack may also corrupt the UEFI firmware heap metadata. As a...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Flush the inode if the atomic file is aborted. We need to flush the inode that was aborted during the atomic operation, to avoid stale dirty inodes during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2f...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sitbitmapsize w/ below testcase, resize will generate a corrupted image which contains inconsistent metadata, so when mounting such image, it will trigger kernel panic: touch img truncate -s...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/9p: Fixed the issue of NULL pointer dereferencing when using mkdir. When a 9p tree was mounted with the posixacl option, the parent directory had a default ACL set for its subdirectories. For example: setfacl -m...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINEDATA + EXTENTS flag combination syzbot reported a BUGON in ext4escacheextent when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: landlock: Handle weird files A corrupted filesystem e.g., bcachefs might return weird files. Instead of throwing a warning and allowing access to such files, treat them as regular files...
Astra Linux - уязвимость в linux
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fusedogetattr calls makebadinode in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is...
fuse: reject oversized dirents in page cache
...
SUSE CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
RHCOS 4 : OpenShift Container Platform 4.17.47 (RHSA-2026:0701)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0701 advisory. - runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 - runc: container escape with malicious...
Linux Distros Unpatched Vulnerability : CVE-2026-31713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem...
CVE-2026-31713
A flaw was found in the Linux kernel's Filesystem in Userspace FUSE component. When using synchronous initialization sync init, if the FUSE server exits unexpectedly while processing the FUSEINIT request, the filesystem creation process can hang. This issue occurs because the mounting thread keep...
CVE-2026-43053
A flaw was found in the Linux kernel's XFS filesystem. During the inactivation of inodes with extended attributes, a specific timing window exists where a log shutdown can occur after some data blocks are invalidated but before the attribute map is fully truncated. This can lead to inconsistencie...
CVE-2026-43046
A flaw was found in the Linux kernel's btrfs filesystem. This vulnerability allows an attacker with local access to trigger a kernel bug system crash by providing specially crafted, malformed btrfs metadata on disk. Specifically, an invalid state where dropprogress.objectid is non-zero and...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...