235 matches found
USN-6339-3 linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi vulnerabilities
It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service system crash. CVE-2022-48425...
PT-2025-38466
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists within the f2fs filesystem implementation when remounting a read-write filesystem. Specifically, the issue arises because the f2fs remount function resets mount...
SUSE CVE-2017-18200
The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fswaitdiscardbios calls, which allows local users to cause a denial of service BUG, as demonstrated by fstrim...
SUSE CVE-2018-13096
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service out-of-bounds memory access and BUG can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image...
SUSE CVE-2019-19815
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fsrecoverfsyncdata in fs/f2fs/recovery.c. This is related to F2FSPSB in fs/f2fs/f2fs.h...
SUSE CVE-2020-6105
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability...
PT-2023-35188 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2023-34914 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.304 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2023-34860 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.165 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2023-34887 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.230 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2022-35140 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns a fix for a sanity check on summary information in the f2fs component. The actual impact and potential for attack have not been proven yet. Recommendations: For versions...
CLSA-2022-1667414297 Fix CVE(s): CVE-2021-44879
CVE-2021-44879 - ELSCVE-3342 f2fs: fix to do sanity check on inode type during garbage collection...
PT-2022-34350 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.256 Description: The issue is related to the use of f2fs bug on in f2fs new node page. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior t...
PT-2025-8251
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to an infinite loop in the f2fs file system, which can occur when flushing node pages. This loop can be triggered by xfstests/generic/475, resulting in an EIO error...
AZL-7073 CVE-2021-45469 affecting package kernel for versions less than 5.15.18.1-1
In f2fssetxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry...
The vulnerability of the F2fs-Tools tool, related to reading beyond the memory boundaries, allows a intruder to access confidential information.
The vulnerability of the F2fs-Tools tool is related to reading data beyond the memory boundaries. Exploiting this vulnerability can allow an attacker to access confidential information by causing a read error beyond the allowed range, thereby creating a specially crafted file system for F2fs...
PT-2024-11090 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc1-custom 1 Description: The issue is caused by a race condition between truncate and overwrite operations in the f2fs compress functionality. This can lead to a situation where a page is detached from t...
CVE-2020-15858
Some devices of Thales DIS formerly Gemalto, formerly Cinterion allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for custom...
CVE-2020-15858
Some devices of Thales DIS formerly Gemalto, formerly Cinterion allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for custom...
Directory traversal
Some devices of Thales DIS formerly Gemalto, formerly Cinterion allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for custom...