321 matches found
kernel: gfs2: Fix use-after-free in iomap inline data write path
A flaw was found in the Linux kernel's GFS2 filesystem. This memory corruption vulnerability, a use-after-free, occurs in the iomap inline data write path. The issue arises because a data buffer is released prematurely while still being referenced, leading to a write to freed memory. This could...
kernel: gfs2: Fix use-after-free in iomap inline data write path
A flaw was found in the Linux kernel's GFS2 filesystem. This memory corruption vulnerability, a use-after-free, occurs in the iomap inline data write path. The issue arises because a data buffer is released prematurely while still being referenced, leading to a write to freed memory. This could...
SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2450-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2450-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263:...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a deadlock issue when converting an inline directory in nojournal mode. In nojournal mode, ext4finishconvertinlinedir can cause a self-deadlock by calling ext4handledirtydirblock after having already taken the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Error checking was added to ext4extreplaysetiblocks. If the call to ext4mapblocks fails due to a corrupted file system, ext4extreplaysetiblocks may get stuck in an infinite loop. This issue can be reproduced by running...
Astra Linux – Vulnerability in Linux, Linux 5.10
A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c within the ext4 subsystem of the Linux kernel, as of version 5.13.13...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Do not report a BUG when INLINEDATAFL lacks the system.data xattr attribute. A syzbot fuzed image triggered a BUG in ext4updateinlinedata, when an inode had the INLINEDATAFL flag set but lacked the system.data extended...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed the bug in ext4writepages. We encountered the following issue: EXT4-fs error device loop0: ext4mbgeneratebuddy: 1141; group 0; block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls. ------------ Cut here -...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an warning in ext4updateinlinedata. Syzbot identified the following issue: EXT4-fs loop0: Mounted a filesystem with ID 00000000-0000-0000-0000-000000000000 without a journal. Quota mode: none. fscrypt: Uses...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid crashes when inline data creation occurs after DIO write When an inode is created and written using direct IO, there is no way to clear the EXT4STATEMAYINLINEDATA flag. As a result, when the inode is truncated to just...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: The issue where inline data checks might be performed during dio write operations has been fixed. According to syzbot, the following warning from ext4iomapbegin is triggered as of the referenced commit: c if...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: A bug related to delayed allocation was fixed in ext4clumapped for bigalloc and inline scenarios. When converting files with inline data to extents, delayed allocations made on a file system created with both bigalloc and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Added idatasem protection in ext4destroyInlinedatanolock Fixed a race condition between inline data destruction and block mapping. The function ext4destroyInlinedatanolock changes the inode data layout by clearing...
Docling Core: Insufficient validation of image reference URIs
Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....
SUSE CVE-2026-45943
In the Linux kernel, the following vulnerability has been resolved: erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, zerofsdecompresspcluster may assume they are alread...
SUSE CVE-2026-45984
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head dibh is being released prematurely in gfs2iomapbegin via releasemetapath while iomap-inlinedata still points to dibh-bdata. This causes a...
CVE-2026-45984
A flaw was found in the Linux kernel's GFS2 filesystem. This memory corruption vulnerability, a use-after-free, occurs in the iomap inline data write path. The issue arises because a data buffer is released prematurely while still being referenced, leading to a write to freed memory. This could...
EUVD-2026-32269
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head dibh is being released prematurely in gfs2iomapbegin via releasemetapath while iomap-inlinedata still points to dibh-bdata. This causes a...
EUVD-2026-32227
In the Linux kernel, the following vulnerability has been resolved: erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, zerofsdecompresspcluster may assume they are alread...
CVE-2026-45984
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head dibh is being released prematurely in gfs2iomapbegin via releasemetapath while iomap-inlinedata still points to dibh-bdata. This causes a...