PT-2025-26131 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns the Linux kernel, specifically the ext2 filesystem. It involves adding more validity checks for inode counts to prevent crashes on corrupted filesystems. The checks...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from fuserelease not being written to the inode, which could result in dirty pages not being flushed...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from insufficient inode count validation, which could lead to a file system crash...

PT-2025-33813

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the fs/ntfs3 component where a live inode can be incorrectly marked as a bad inode during file renaming operations, specifically when a file nam...

CLSA-2025-1750176020 kernel: Fix of 6 CVEs

pfifotailenqueue: Drop new packet when sch-limit == 0 CVE-2025-21702 - xfs: add bounds checking to xlogrecoverprocessdata CVE-2024-41014 - netfilter: validate user input for expected length CVE-2024-35896 - nfs: fix UAF in direct writes CVE-2024-26958 - Squashfs: check the inode number is not the...

CLSA-2025-1750168919 kernel: Fix of 6 CVEs

pfifotailenqueue: Drop new packet when sch-limit == 0 CVE-2025-21702 - xfs: add bounds checking to xlogrecoverprocessdata CVE-2024-41014 - netfilter: validate user input for expected length CVE-2024-35896 - nfs: fix UAF in direct writes CVE-2024-26958 - Squashfs: check the inode number is not the...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Prevent copying of nlink with a value of 0 from the disk inode. A deadlock has been reported in diFree. 1 When calling “ioctl$LOOPSETSTATUS64”, the offset value passed in is 4, which does not match the mounted loop device...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Ensure that write operations are atomic. syzbot reported a NULL pointer dereference in genericfilewriteiter. 1 Before the write operation is completed, the user executes ioctl2 to clear the compress flag of the file. Th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: qibfs: fixed another leak. Failure to allocate inode = data was leaked from the dentry structure… This issue existed since the initial merge; to be fair, if we end up with an OOM situation, the chances of failing at that...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs entries past the “end” entry. Once inside ‘ext4xattrinodedecrefall’, we should ignore xattrs entries that are located after the “end” entry. This fixes the following KASAN reported issue:...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: The race condition in MNTTREEBENEATH handling has been fixed by using domovemount. Normally, dolockmountpath, locks a mountpoint pointed to by path. At the time when unlockmount is called, that location is still locked by the sam...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: - bcachefs: Fix in bch2ioctlsubvolumeDestroy. - bch2evictsubvolumeinodes was getting stuck—due to incorrect pruning of the dcache. Additionally, missing permission checks have been fixed...

kernel: proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

PT-2025-37202

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel where inode pages are not truncated when the hard link number is zero, specifically within the jfs filesystem. This occurs when the fileset value of t...

The vulnerability of the `btrfs_truncate inode items()` function in the `fs/btrfs/ctree.h` module of the Linux file system support module allows a attacker to cause a service failure.

The vulnerability of the btrfstruncate inode items function in the fs/btrfs/ctree.h module of the Linux file system support library is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause service failures...

PT-2025-28871

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw where invalid inode pointer dereferences can occur during log replay within the btrfs filesystem. This issue arises from calling read one inode which, ...

CVE-2012-3254

Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet...

SUSE CVE-2025-37904

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfsiget BUG There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: BTRFS info device loop1: last unmount of filesystem...

SUSE CVE-2025-37983

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix another leak failure to allocate inode = leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low...

SUSE CVE-2025-37988

In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNTTREEBENEATH handling by domovemount Normally dolockmountpath, is locking a mountpoint pinned by path and at the time when matching unlockmount unlocks that location it is still pinned by the same thing...