3384 matches found
kernel: fs: writeback: fix use-after-free in __mark_inode_dirty()
In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in markinodedirty An use-after-free issue occurred when markinodedirty get the bdiwriteback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-random- Not tainted...
CVE-2026-42442
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...
CVE-2026-42442
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...
EUVD-2026-29790
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...
CVE-2026-42445 NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...
CVE-2026-42443
NanaZip (open source archiver) contains a local-denial bug in its UFS/UFS2 filesystem image parser. From versions 5.0.1252.0 up to before 6.0.1698.0, an integer divide-by-zero occurs when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is zero. The parser...
CVE-2026-42443 NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...
CVE-2026-42442
Summary: CVE-2026-42442 affects NanaZip, an open source file archive, in versions 5.0.1252.0 through before 6.0.1698.0. A null‑pointer dereference occurs in the UFS/UFS2 filesystem image parser when opening a crafted UFS image whose root inode (inode 2) is set to IFLNK (symlink) instead of IFDIR ...
CVE-2026-42442
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...
CVE-2026-42442 NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...
EUVD-2026-29787
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...
CVE-2026-42442 NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...
CLSA-2026-1778599722 Fix CVE(s): CVE-2026-4878
SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...
CLSA-2026-1778599539 Fix CVE(s): CVE-2026-4878
SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...
SUSE CVE-2026-43420
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inlink underrun during async unlink During async unlink, we drop the inlink counter before we receive the completion that will eventually update the inlink because "we assume that the unlink will succeed". That is not a...
PT-2026-40356
Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description A null-pointer dereference exists in the UFS/UFS2 filesystem image parser. This occurs when opening a specially crafted UFS image where the root inode inode 2 is set to IFLNK symlink...
PT-2026-40359
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...
PT-2026-40357
Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description An integer divide-by-zero issue exists in the UFS/UFS2 filesystem image parser. This occurs when opening a specially crafted UFS image where the superblock field fs ipg inodes per...
NanaZip 代码问题漏洞
NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 had code-related vulnerabilities. These vulnerabilities stemmed from the UFS/UFS2 file system image parser, which unconditionally treated the root inode as a directory without checking...
CVE-2026-43420
A flaw was found in the Linux kernel's Ceph file system client. A race condition during asynchronous file unlink operations can lead to an inlink counter underrun. This vulnerability allows an attacker to trigger a kernel warning, potentially causing system instability and a Denial of Service DoS...