CVE-2025-68261

CVE-2025-68261 concerns a race in ext4 where inline data destruction (ext4_destroy_inline_data_nolock) and block mapping (ext4_map_blocks) can concurrently modify inode layout, causing a state where EXT4_INODE_EXTENTS flag is observed incorrectly and triggers a kernel BUG in fs/ext4/indirect.c (l...

CVE-2025-68261 ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()

In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function ext4destroyinlinedatanolock changes the inode data layout by clearing EXT4INODEINLINEDATA and...

CVE-2025-68242

CVE-2025-68242 concerns the Linux kernel NFS attribute handling. The description notes that when delegated timestamps are allowed, the kernel’s nfs_setattr does not verify the inode UID against the caller’s fsuid, leading to failures in LTP tests utimes01/utime06 (the tests modify atime/mtime usi...

CVE-2025-68242 NFS: Fix LTP test failures when timestamps are delegated

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...

CVE-2025-68185

In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy...

CVE-2025-40361

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-68185

In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy...

CVE-2025-68185 nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing

In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy...

CVE-2025-40361

CVE-2025-40361 entry is rejected/not used and not an active vulnerability.

CVE-2025-40361 fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock

In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFPKERNEL to GFPNOFS to avoid deadlock The parent function ext4xattrinodelookupcreate already uses GFPNOFS for memory alloction, so the function ext4xattrinodecachefind should use same gfpflag...

CVE-2025-40361

...

Linux Distros Unpatched Vulnerability : CVE-2025-68261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function...

Linux Distros Unpatched Vulnerability : CVE-2025-40361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs: ext4: change GFPKERNEL to GFPNOFS to avoid deadlock The parent function ext4xattrinodelookupcreate already uses GFPNOFS for memory alloction, so the functio...

PT-2025-51577

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's ext4 file system implementation related to memory allocation within the extended attribute handling routines. Specifically, the ext4 xattr inode cache...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ext4destroyinlinedatanolock missing idatasem protection in ext4...

Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in OS kernel

Summary Multiple vulnerabilities were addressed in IBM DataPower Gateway in version 10.6.6.0 Vulnerability Details CVEID:CVE-2025-21999 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode...

OESA-2025-2800 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ext4: update sjournalinum if it changes after journal replay When mounting a crafted ext4 image, sjournalinum may change after journal replay, which is obviously...

Linux Distros Unpatched Vulnerability : CVE-2023-53804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nilfs2: fix use-after-free bug of nilfsroot in nilfsevictinode During unmount process of nilfs2, nothing holds nilfsroot structure after nilfs2 detaches its...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2501)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : x86/mce: Work around an erratum on fast string copy instructionsCVE-2022-49124 net: preserve skbendoffset in skbunclonekeeptruesizeCVE-2022-49142...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991137)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991137 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of nilfsroot in dirtying inodes via iput During unmount process of...