An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

...

Squashfs: check the inode number is not the invalid value of zero

...

btrfs: don't drop extent_map for free space inode on write error

...

ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()

...

fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()

...

f2fs: fix to truncate meta inode pages forcely

...

btrfs: lock the inode in shared mode before starting fiemap

...

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

...

f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

...

f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC

...

btrfs: don't readahead the relocation inode on RST

...

Linux Distros Unpatched Vulnerability : CVE-2025-38677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x1c1/0x2a0...

kernel: ext4: only dirty folios when data journaling regular files

In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:...

Linux Distros Unpatched Vulnerability : CVE-2025-38627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted...

Linux Distros Unpatched Vulnerability : CVE-2025-38663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or...

CVE-2025-38677

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x1c1/0x2a0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:378 inline...

Linux Distros Unpatched Vulnerability : CVE-2025-38580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4endiorsvwork In ext4ioenddefercompletion, check if...

Linux Distros Unpatched Vulnerability : CVE-2025-38527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix use-after-free in cifsoplockbreak A race condition can occur in cifsoplockbreak leading to a use-after-free of the cinode structure when...

Linux Distros Unpatched Vulnerability : CVE-2025-38615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted ilink. When renaming, the file0's...

Linux Distros Unpatched Vulnerability : CVE-2025-38577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to avoid panic in f2fsevictinode As syzbot 1 reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c1085...