
3432 matches found

Positive Technologies
added 2025/02/20 12:00 a.m. · 3 views

PT-2025-18422

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc7. Description: A deadlock vulnerability has been identified in the Linux kernel, specifically in the jfs file system. The issue arises when the ioctl$LOOP_SET_STATUS64 function is called with an offset...

CVSS 5.5 · AI score 6.6 · EPSS 0.00123
Exploits: 0
RedHat Linux
added 2025/02/19 1:00 a.m. · 2 views

kernel: selinux,smack: don't bypass permissions check in inode_setsecctx hook

In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...

CVSS 4.4 · AI score 6.4 · EPSS 0.00219
Exploits: 0 · References: 5
OSV
added 2025/02/18 11:15 p.m. · 1 views

DEBIAN-CVE-2024-57254

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem...

CVSS 6.8 · AI score 7.9 · EPSS 0.00359
Exploits: 0 · References: 1
OSV
added 2025/02/18 11:15 p.m. · 2 views

DEBIAN-CVE-2024-57256

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc adding one to an le32 variable via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...

CVSS 6.8 · AI score 7.9 · EPSS 0.00365
Exploits: 0 · References: 1
OSV
added 2025/02/18 11:15 p.m. · 1 views

DEBIAN-CVE-2024-57255

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...

CVSS 6.8 · AI score 7.9 · EPSS 0.00359
Exploits: 0 · References: 1
OSV
added 2025/02/18 11:15 p.m. · 0 views

UBUNTU-CVE-2024-57254

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem...

CVSS 7.1 · AI score 7.3 · EPSS 0.00359
Exploits: 0 · References: 4
OSV
added 2025/02/18 11:15 p.m. · 1 views

UBUNTU-CVE-2024-57256

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc adding one to an le32 variable via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...

CVSS 7.1 · AI score 7.3 · EPSS 0.00365
Exploits: 0 · References: 4
OSV
added 2025/02/18 11:15 p.m. · 1 views

UBUNTU-CVE-2024-57255

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...

CVSS 7.1 · AI score 7.3 · EPSS 0.00359
Exploits: 0 · References: 4
SUSE CVE
added 2025/02/18 1:38 p.m. · 1 views

SUSE CVE-2024-57254

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem...

CVSS 7.1 · AI score 7.2 · EPSS 0.00359
Exploits: 0 · References: 3
SUSE CVE
added 2025/02/18 1:38 p.m. · 2 views

SUSE CVE-2024-57255

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...

CVSS 7.1 · AI score 7.2 · EPSS 0.00359
Exploits: 0 · References: 3
SUSE CVE
added 2025/02/18 1:38 p.m. · 1 views

SUSE CVE-2024-57256

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc adding one to an le32 variable via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...

CVSS 4.4 · AI score 7.1 · EPSS 0.00365
Exploits: 0 · References: 9
BDU FSTEC
added 2025/02/18 12:00 a.m. · 4 views

The vulnerability of the sysctl component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the sysctl component in the Linux operating system’s kernel is related to improper validation of input data in the proc_sys_make_inode function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.2 · EPSS 0.00216
Exploits: 0 · References: 40 · Affected Software: 6
BDU FSTEC
added 2025/02/18 12:00 a.m. · 5 views

The vulnerability of the f2fs component of the Linux operating system’s kernel, which allows a hacker to cause a service failure

The vulnerability of the f2fs component of the Linux operating system’s kernel is related to the assignment of the NULL pointer in the f2fs_set_inode_flags function. Exploiting this vulnerability can allow a hacker to trigger a service failure...

CVSS 5.5 · AI score 6.9 · EPSS 0.00237
Exploits: 0 · References: 23 · Affected Software: 5
AlpineLinux
added 2025/02/18 12:00 a.m. · 7 views

CVE-2024-57255

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...

CVSS 7.1 · AI score 7 · EPSS 0.00359
Exploits: 0 · References: 3
Positive Technologies
added 2025/02/17 12:00 a.m. · 2 views

PT-2025-6748 · Barebox · Barebox

Name of the Vulnerable Software and Affected Versions: barebox versions prior to 2025.01.0. Description: The issue is related to an integer overflow in the ext4fs_read_symlink function when handling a crafted ext4 filesystem with an inode size of 0xffffffff. This results in a malloc of zero and a...

CVSS 7.1 · AI score 7.3 · EPSS 0.00275
Exploits: 0 · References: 10
SUSE CVE
added 2025/02/13 12:20 a.m. · 2 views

SUSE CVE-2025-21699

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag. Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or...

CVSS 5.5 · AI score 7.7 · EPSS 0.00225
Exploits: 0 · References: 20
Positive Technologies
added 2025/02/13 12:00 a.m. · 6 views

PT-2025-16760

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.14.0-rc1-next-20250206-xfstests-dirty 726. Description: A vulnerability in the Linux kernel has been resolved, which could cause a hung task if ext4_inode_attach_jinode fails in ext4_setattr. This failure prevent...

CVSS 5.5 · AI score 6.6 · EPSS 0.00155
Exploits: 0
OSV
added 2025/02/12 2:15 p.m. · 4 views

AZL-56843 CVE-2025-21699 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag. Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or...

CVSS 5.5 · AI score 6.7 · EPSS 0.00225
Exploits: 0 · References: 1
OSV
added 2025/02/12 2:15 p.m. · 1 views

DEBIAN-CVE-2025-21699

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag. Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or...

CVSS 5.5 · AI score 5.9 · EPSS 0.00225
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/12 1:52 p.m. · 1 views

CVE-2025-21699 gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag. Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or...

AI score 7.5 · EPSS 0.00225
Exploits: 0 · References: 7