1009 matches found
EUVD-2026-38897
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry immediately fails and returns false, which makes the value of "len" 0...
EUVD-2026-38895
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to the frame start using cmask, which can result in vcn != vcn0. In this...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Do not hold the nilock lock when calling truncatesetsize. syzbot reports a hung task during the call to douseraddrfault 1. This occurs because there is a silent deadlock between the PGlocked bit and the nilock lock. Sin...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed an OOB read issue in indxinsertintobuffer. Syzbot reported a OOB read bug: BUG: KASAN: Out-of-bounds access in indxinsertintobuffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 A read of size 17168 was performed at address...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Fixed a general protection fault in runismappedfull. ntfscreate inode: Fixed the deletion of a non-resident attribute...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectorsperclusters When the NTFS BOOT sectorsperclusters field is greater than 0x80, it represents a shift value. Ensure that the shift value is not too large before using it the maximum cluster size for...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: This issue prevents UBSAN errors occurring in truesectorsperclst. The syzbot reported the following UBSAN error: 76.901829 T6677 ================================================================================ 76.903908...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Treating $Extend records as regular files. Since the commit af153bb63a33 "vfs: catching invalid modes in mayopen" requires that any inode be of one of the types SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/SIFIFO/SIFSOCK, use SIFREG...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: A possible null pointer dereference has been fixed in niclear. In a previous commit c1006bd13146, ni-mi.mrec in niwrite inode could be NULL. Therefore, a NULL check was added for this variable. However, in the same call...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: A NULL dereference in niwriteinode has been fixed. Syzbot reported a NULL dereference in niwrite inode. When creating a new inode, if the allocation fails in the miinit function called in the miformatnew function, mi-mr...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Validates buffer length during parsing of index The indxread function is called when there are certain NTFS directory operations that require more information from the index buffers. This adds a sanity check to ensur...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Use variable length arrays instead of fixed-size ones. The issue with the “smatch warning” should be fixed: Error in ntfssetlabel: builtinmemcpy’s ‘uni-name’ is too small 20 vs 256...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel before version 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. This could lead to an out-of-bounds write vulnerability...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel 6.0.8, there is a use-after-free in the rununpack function in fs/ntfs3/run.c, which is related to a difference between the NTFS sector size and the media sector size...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: “fs/ntfs3: Replace inodetrylock with inodelock” This change is reflected in commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, the conditional lock acquisition was removed to fix a bug in xfstest that was observed during...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel before version 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. A unhandled page fault may occur...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional checks have been added in ntfsfilerelease...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1816)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1816 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update CVE-2026-23171 In the Linux kernel, the following...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update CVE-2026-23171 In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refaul...
Linux Distros Unpatched Vulnerability : CVE-2026-45935
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot In the 'DeleteIndexEntryRoot' case of the 'doaction' function, the entry size 'esize' is retrieve...