54 matches found
CVE-2026-23234
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fswriteendio As syzbot reported an use-after-free issue in f2fswriteendio. It is caused by below race condition: loop device umount - workerthread - loopprocesswork - doreqfilebacked - lorwaio -...
CVE-2026-27711
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip’s UFS parser allows a crafted .ufs/.ufs2/.img file to trigger out-of-bounds memory access during archive open/listing. The bug is...
EUVD-2007-0301
Malware in sbrugna...
EUVD-2014-6397
Malware in sbrugna...
EUVD-2005-3071
Malware in sbrugna...
grub2: fs/ufs: OOB write in the heap
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
Grub2: fs/ufs: oob write in the heap
...
Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks
...
GNU GRUB Buffer Overflow Vulnerability
GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability, which originates in the UFS module, where the program does not properly manage memory allocation and release when processing data, and can be exploited by an attacker to obtain...
grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grubmalloc may be called with a smaller...
grub2: fs/ufs: OOB write in the heap
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
CVE-2025-37858
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calculates allocation group AG size using 1 2TB aggregates on 32-bit systems, this 32-bit shift operation causes undefined behavior and improper AG sizing...
CVE-2024-58094
In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfstruncatenolock Added a check for "read-only" mode in the jfstruncatenolock function to avoid errors related to writing to a read-only filesystem. Call stack: blockwritebegin...
SUSE CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
DEBIAN-CVE-2025-0677
A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grubmalloc may be called with a smaller...
AZL-56970 CVE-2024-45781 affecting package grub2 for versions less than 2.06-15
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
DEBIAN-CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
UBUNTU-CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
CVE-2024-41935
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to shrink read extent node in batches We use rwlock to protect core structure data of extent tree during its shrink, however, if there is a huge number of extent nodes in extent tree, during shrink of extent tree, it ma...
CVE-2024-56686
Removed by vendor...