CVE-2025-22002 netfs: Call `invalidate_cache` only if implemented

In the Linux kernel, the following vulnerability has been resolved: netfs: Call invalidatecache only if implemented Many filesystems such as NFS and Ceph do not implement the invalidatecache method. On those filesystems, if writing to the cache NETFSWRITETOCACHE fails for some reason, the kernel...

CVE-2025-22002

In the Linux kernel, the following vulnerability has been resolved: netfs: Call invalidatecache only if implemented Many filesystems such as NFS and Ceph do not implement the invalidatecache method. On those filesystems, if writing to the cache NETFSWRITETOCACHE fails for some reason, the kernel...

OESA-2025-1301 syslinux security update

The Syslinux Project covers lightweight bootloaders for MS-DOS FAT filesystems SYSLINUX, network booting PXELINUX, bootable "El Torito" CD-ROMs ISOLINUX, and Linux ext2/ext3/ext4 or btrfs filesystems EXTLINUX. The project also includes MEMDISK, a tool to boot legacy operating systems such as DOS...

CVE-2025-21830 landlock: Handle weird files

In the Linux kernel, the following vulnerability has been resolved: landlock: Handle weird files A corrupted filesystem e.g. bcachefs might return weird files. Instead of throwing a warning and allowing access to such file, treat them as regular files...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52610: net/sched: actct: fix skb leak and crash on ooo frags bsc1221610. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow...

CVE-2025-0373 Buffer overflow in some filesystems via NFS

On 64-bit systems, the implementation of VOPVPTOFH in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with ...

FreeBSD-SA-25:02.fs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-25:02.fs Security Advisory The FreeBSD Project Topic: Buffer overflow in some filesystems via NFS Category: core Module: fs Announced: 2025-01-29 Credits: Kevin...

FreeBSD -- Buffer overflow in some filesystems via NFS

Problem Description: In order to export a file system via NFS, the file system must define a file system identifier FID for all exported files. Each FreeBSD file system implements operations to translate between FIDs and vnodes, the kernel's in-memory representation of files. These operations are...

CVE-2024-57941

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the non-cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled e.g. due to a DIO write on that file, future copying to the cache for that file is disabled until al...

SUSE CVE-2024-23331

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

CVE-2024-53235

In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fusereadargsfill: fusereadfolio+0xb0/0x100 fs/fuse/file.c:905 filemapreadfolio+0xc6/0x2a0 mm/filemap.c:2367 doreadcachefolio+0x263/0x5c0 mm/filemap.c:382...

UBUNTU-CVE-2024-53235

In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fusereadargsfill: fusereadfolio+0xb0/0x100 fs/fuse/file.c:905 filemapreadfolio+0xc6/0x2a0 mm/filemap.c:2367 doreadcachefolio+0x263/0x5c0 mm/filemap.c:382...

DEBIAN-CVE-2024-50379

Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid CVE-2023-53728 In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARNONCE in verifierl log...

Path Traversal

Safearchive is vulnerable to a Path Traversal. The vulnerability is due to the handling of archive extractions on case-insensitive filesystems e.g., NTFS, which allows attackers to write arbitrary files by using symbolic links in the archive...

CVE-2024-50386

CVE-2024-50386 affects Apache CloudStack where by default, derived KVM-compatible templates can be registered for download to primary storage. The root cause is missing validation checks for KVM templates in CloudStack versions 4.0.0–4.18.2.4 and 4.19.0–4.19.1.2. An attacker able to register temp...

GHSA-Q3RP-VVM7-J8JG Safearchive Path Traversal vulnerability

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...

Safearchive Path Traversal vulnerability

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...

CVE-2024-10389

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...

CVE-2024-10389 Path Traversal in Safearchive

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...