SUSE CVE-2018-13093

An issue was discovered in fs/xfs/xfsicache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookupslow on a NULL inode-iops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free...

SUSE CVE-2018-13098

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service slab out-of-bounds read and BUG can occur for a modified f2fs filesystem image in which FIEXTRAATTR is set in an inode...

SUSE CVE-2018-13095

An issue was discovered in fs/xfs/libxfs/xfsinodebuf.c in the Linux kernel through 4.17.3. A denial of service memory corruption and BUG can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork...

SUSE CVE-2018-13099

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service out-of-bounds memory access and BUG can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr...

SUSE CVE-2018-14615

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncateinlineinode in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative...

SUSE CVE-2018-16862

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one...

SUSE CVE-2019-19770

In the Linux kernel 4.19.83, there is a use-after-free read in the debugfsremove function in fs/debugfs/inode.c which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfscreatefile. NOTE: Linux kernel developers dispu...

SUSE CVE-2020-8992

ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal size...

SUSE CVE-2020-11935

It was discovered that aufs improperly managed inode reference counts in the vfsubdentryopen method. A local attacker could use this vulnerability to cause a denial of service attack...

SUSE CVE-2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...

SUSE CVE-2020-14385

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is...

SUSE CVE-2021-4037

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

SUSE CVE-2021-28950

An issue was discovered in fs/fuse/fusei.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1...

SUSE CVE-2021-35266

In NTFS-3G versions 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution...

SUSE CVE-2021-35268

In NTFS-3G versions 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfsinoderealopen, a heap buffer overflow can occur allowing for code execution and escalation of privileges...

SUSE CVE-2021-39251

A crafted NTFS image can cause a NULL pointer dereference in ntfsextentinodeopen in NTFS-3G 2021.8.22...

SUSE CVE-2021-39256

A crafted NTFS image can cause a heap-based buffer overflow in ntfsinodelookupbyname in NTFS-3G 2021.8.22...

SUSE CVE-2021-39259

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfsinodelookupbyname, in NTFS-3G 2021.8.22...

SUSE CVE-2021-39260

A crafted NTFS image can cause an out-of-bounds access in ntfsinodesyncstandardinformation in NTFS-3G 2021.8.22...

SUSE CVE-2022-3621

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfsbmaplookupatlevel of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is...