UBUNTU-CVE-2024-38636

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list 1, kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 test gap zone support with F2FS failed runtime...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problem with the f2fs:multidev module...

DEBIAN-CVE-2023-52852

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to avoid use-after-free on dic Call trace: memcpy+0x128/0x250 f2fsreadmultipages+0x940/0xf7c f2fsmpagereadpages+0x5a8/0x624 f2fsreadahead+0x5c/0x110 pagecacheraunbounded+0x1b8/0x590...

DEBIAN-CVE-2023-52748

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fsinitpagearraycache’: fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between 1 and 7 bytes...

UBUNTU-CVE-2023-52852

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to avoid use-after-free on dic Call trace: memcpy+0x128/0x250 f2fsreadmultipages+0x940/0xf7c f2fsmpagereadpages+0x5a8/0x624 f2fsreadahead+0x5c/0x110 pagecacheraunbounded+0x1b8/0x590...

PT-2024-14734 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.12/6.6.2 Description: A vulnerability in the Linux kernel's f2fs component can cause a null pointer dereference, leading to a panic. This issue occurs when a file with a compressed flag is created, compressi...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a flaw in the f2fs module...

UBUNTU-CVE-2023-52682

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for postread case If inode is compressed, but not encrypted, it missed to call f2fswaitonblockwriteback to wait for GCed page writeback in IPU write path. Thread A GC-Thread - f2fsgc -...

UBUNTU-CVE-2024-27035

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP If data block in compressed cluster is not persisted with metadata during checkpoint, after SPOR, the data may be corrupted, let's guarantee to write compressed...

PT-2024-21623

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the f2fs compression feature in the Linux kernel. If a data block in a compressed cluster is not persisted with metadata during a checkpoint, after a Storage Powe...

CLSA-2024-1713791454 Fix of 12 CVEs

CVE-url: https://ubuntu.com/security/CVE-2021-46925 - net/smc: get rid of txpend waits in socket closing - net/smc: fix kernel panic caused by race of smcsock CVE-url: https://ubuntu.com/security/CVE-2024-23307 - md/raid5: fix atomicity violation in raid5cachecount CVE-url:...

CLSA-2024-1713791075 Fix of 12 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23307 - md/raid5: fix atomicity violation in raid5cachecount CVE-url: https://ubuntu.com/security/CVE-2021-46932 - Input: appletouch - initialize work before device registration CVE-url: https://ubuntu.com/security/CVE-2021-46936 - net: fix...

USN-6716-1 linux-azure, linux-azure-5.4 vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...

SUSE CVE-2021-47004

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...

The vulnerability of the f2fs_rename() function in the f2fs component of the Linux operating system allows a hacker to gain increased privileges.

The vulnerability of the f2fsrename function in the f2fs component of the Linux operating system is related to the use of the assert function or similar operators. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVE-2020-36775

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fstrylockop in f2fswritecompressedpages to avoid potential deadlock like we did in f2fswritesingledatapage...

DEBIAN-CVE-2020-36775

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fstrylockop in f2fswritecompressedpages to avoid potential deadlock like we did in f2fswritesingledatapage...

SUSE CVE-2023-52436

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from f2fs explicitly terminating the xattr list with null when setting xattr...

PT-2023-9200 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free vulnerability in the f2fs read multi pages function. When f2fs decompress cluster is called and a cached page is hit in compress inode's cache,...