SUSE CVE-2003-1418

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via 1 the ETag header, which reveals the inode number, or 2 multipart MIME boundary, which reveals child process IDs PID...

SUSE CVE-2005-3808

Integer overflow in the invalidateinodepages2range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service hang via 64-bit mmap calls that are not properly handled on a 32-bit system...

SUSE CVE-2006-5753

Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service data corruption and possibly gain privileges via unknown vectors...

SUSE CVE-2007-3104

The sysfsreaddir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux RHEL 4.5 and other distributions, allows users to cause a denial of service kernel OOPS by dereferencing a null pointer to an inode in a dentry...

SUSE CVE-2007-4849

JFFS2, as used on One Laptop Per Child OLPC build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during 1 inode creation or 2 ACL setting, which might allow local users to access restricted files or directories after a remount of a...

SUSE CVE-2008-3534

The shmemdeleteinode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service system crash via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to...

SUSE CVE-2009-0859

The shmgetstat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIGSHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service system hang via an SHMINFO shmctl call, as demonstrated by running the ipcs...

SUSE CVE-2009-1961

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service prevention of file creation and removal via a series of splice...

SUSE CVE-2009-3286

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...

SUSE CVE-2010-2943

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assign...

SUSE CVE-2012-0055

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions...

SUSE CVE-2013-0313

The evmupdateevmxattr function in security/integrity/evm/evmcrypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module EVM is enabled, allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an...

SUSE CVE-2014-4014

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...

SUSE CVE-2014-6410

The udfreadinode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service infinite loop or stack consumption via a UDF filesystem with a crafted inode...

SUSE CVE-2014-9728

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service buffer over-read and system crash via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c...

SUSE CVE-2014-9729

The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service system crash via a crafted UDF filesystem image...

SUSE CVE-2015-3329

Multiple stack-based buffer overflows in the pharsetinode function in pharinternal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a 1 tar, 2 phar, or 3 ZIP archive...

SUSE CVE-2015-4167

The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service incorrect data representation or integer overflow, and OOPS via a crafted UDF filesystem...

SUSE CVE-2017-14340

The XFSISREALTIMEINODE macro in fs/xfs/xfslinux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service NULL pointer dereference and OOPS via vectors related to setting an RHINHERIT flag on a directory...

SUSE CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...