DEBIAN-CVE-2022-50313

In the Linux kernel, the following vulnerability has been resolved: erofs: fix order = MAXORDER warning due to crafted negative isize As syzbot reported 1, the root cause is that isize field is a signed type, and negative isize is also less than EROFSBLKSIZ. As a consequence, it's handled as fast...

DEBIAN-CVE-2022-50277

In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscryptlimitioblocks when the 'inlinecrypt' mount option is used. The problem is tha...

CVE-2022-50277

In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscryptlimitioblocks when the 'inlinecrypt' mount option is used. The problem is tha...

UBUNTU-CVE-2022-50277

In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscryptlimitioblocks when the 'inlinecrypt' mount option is used. The problem is tha...

UBUNTU-CVE-2022-50273

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on destination blkaddr during recovery As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 loop5: detected capacity change from 0 to 131072 F2FS-fs loop5:...

UBUNTU-CVE-2022-50284

In the Linux kernel, the following vulnerability has been resolved: ipc: fix memory leak in initmqueuefs When setupmqsysctls failed in initmqueuefs, mqueueinodecachep is not released. In order to fix this issue, the release path is reordered...

CVE-2023-53260 ovl: fix null pointer dereference in ovl_permission()

In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovlpermission Following process: P1 P2 pathlookupat linkpathwalk inodepermission ovlpermission ovlipathrealinode, &realpath path-dentry = ovlidentryupperinode dropcache dentrykillovldentry...

CVE-2022-50284

CVE-2022-50284 affects the Linux kernel (init_mqueue_fs). If setup_mq_sysctls() fails, the mqueue_inode_cachep was not released, causing a memory leak. The issue was fixed by reordering the release path in init_mqueue_fs; upstream kernel patches exist to address this, with no explicit exploit det...

CVE-2022-50284 ipc: fix memory leak in init_mqueue_fs()

In the Linux kernel, the following vulnerability has been resolved: ipc: fix memory leak in initmqueuefs When setupmqsysctls failed in initmqueuefs, mqueueinodecachep is not released. In order to fix this issue, the release path is reordered...

CVE-2022-50277 ext4: don't allow journal inode to have encrypt flag

In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscryptlimitioblocks when the 'inlinecrypt' mount option is used. The problem is tha...

CVE-2023-53149

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid deadlock in fs reclaim with page writeback Ext4 has a filesystem wide lock protecting ext4writepages calls to avoid races with switching of journalled data flag or inode format. This lock can however cause a deadlock...

UBUNTU-CVE-2023-53163

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: don't hold nilock when calling truncatesetsize syzbot is reporting hung task at douseraddrfault 1, for there is a silent deadlock between PGlocked bit and nilock lock. Since filemapupdatepage calls filemapreadfolio afte...

CVE-2023-53149

CVE-2023-53149 concerns the Linux kernel ext4 filesystem. The issue arises from a filesystem-wide lock protecting ext4_writepages() that can deadlock during fs reclaim initiated by page writeback, due to a recursion scenario where ext4_writepages() attempts to acquire sbi->s_writepages_rwsem w...

CVE-2023-53149 ext4: avoid deadlock in fs reclaim with page writeback

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid deadlock in fs reclaim with page writeback Ext4 has a filesystem wide lock protecting ext4writepages calls to avoid races with switching of journalled data flag or inode format. This lock can however cause a deadlock...

SUSE-SU-2025:03223-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002317 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. - CVE-2025-38001: netsched: hfsc: Address...

Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002330 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address...

PT-2025-37579

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel where mounting a filesystem with a journal inode possessing the encrypt flag can lead to a NULL dereference within the fscrypt limit io blocks functio...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a log inode that does not properly handle cryptographic flags, which could lead to a null pointer dereference...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to free mqueueinodecachep when setupmqsysctls fails in the initmqueuefs function, which could le...

SUSE-SU-2025:03215-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070051 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. - CVE-2025-38001: netsched: hfsc: Address...