Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs/jfs: Added validation for dbmaxag and dbagpref. Both dbmaxag and dbagpref are used as indexes for the dbagfree array. However, there is currently no validation for these values, which can lead to errors. The following is a...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed a null pointer dereference in dtInsertEntry Reported by syzbot General protection fault, likely for a non-canonical address 0xdffffc0000000001: 0000 1 PREEMPT SMP KASAN PTI KASAN: nullptrderef in range...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Validated AG parameters in dbMount to prevent crashes. Validated dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. The limits are derived from...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: fixed an array-index-out-of-bounds issue in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 The index -878706688 is out of range for the type 'struct iagctl128' CPU: 1 PID: 5065 Comm:...

CLSA-2026-1775224807 Fix of 95 CVEs

CVE-2025-39683 - tracing: Remove unneeded goto out logic CVE-2025-39683 - tracing: Limit access to parser-buffer when tracegetuser failed CVE-2025-39683 CVE-2025-38079 - crypto: algifhash - fix double free in hashaccept CVE-2025-38079 CVE-2025-38159 - wifi: rtw88: fix the 'para' buffer size to...

CVE-2023-53766

JFS filesystem code neglects to verify whether the filesystem is mounted read-only before initiating transactions in txBegin. When write operations are attempted on a read-only mount, the missing check allows execution to proceed with uninitialized transaction structures, culminating in a NULL...

jfs: Verify inode mode when loading from disk

...

CVE-2025-40312 jfs: Verify inode mode when loading from disk

In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 "isofs: Verify inode mode when loading from disk" does...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986484 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtreet for...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986434)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986434 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix GPF in diFree Avoid passing inode with JFSSBIinode-isb-ipimap == NULL to diFree1. GFP wi...

EUVD-2023-54249

Malicious code in bioql PyPI...

DEBIAN-CVE-2022-50333

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap descriptor...

CVE-2023-53222 jfs: jfs_dmap: Validate db_l2nbperpage while mounting

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...

jfs: upper bound check of tree index in dbAllocAG

...

jfs: fix null ptr deref in dtInsertEntry

...

Linux Distros Unpatched Vulnerability : CVE-2023-4385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfsdmap.c in the journaling file system JFS in the Linux Kernel. This issue may allow a local...

Linux Distros Unpatched Vulnerability : CVE-2023-52599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: fix array-index-out-of-bounds in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 index -878706688 is out of range for type...

Linux Distros Unpatched Vulnerability : CVE-2025-38230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid...

fs/jfs: Prevent integer overflow in AG size calculation

...

SUSE CVE-2024-47723

In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG and diAlloc In dbNextAG , there is no check for the case where bmp-dbnumag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should ...