CVE-2025-40241

In the Linux kernel, the following vulnerability has been resolved: erofs: fix crafted invalid cases for encoded extents Robert recently reported two corrupted images that can cause system crashes, which are related to the new encoded extents introduced in Linux 6.15: - The first one 1 has plen !...

CVE-2025-40241

Summary (CVE-2025-40241): In the Linux kernel, the erofs code fix addresses two crafted invalid extents related to the new encoded extents introduced in Linux 6.15. The issues involve: (1) a crafted plen != 0 case where plen is not zero and the plen mask check fails, affecting representation of s...

PT-2025-49068

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.15 and later Description The Linux kernel contains an issue related to encoded extents within the erofs filesystem. Specifically, crafted, invalid images can cause system crashes. This occurs due to improper handling of...

Xen: qemu ioport out-of-bounds array access (XSA-199)

An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially...