Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validates dbl2nbperpage during mounting In jfsdmap.c, on line 381, BLKTODMAP is used to obtain a logical block number within dbFree. dbl2nbperpage, which is the log2 of the number of blocks per page, is passed as an...

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

CVE-2026-55392

CVE-2026-55392 affects NILFS utilities up to version 2.3.0. The root cause is nilfs_sb_is_valid() not validating s_log_block_size in the NILFS2 superblock before bit-shift operations, enabling undefined behavior from oversized shifts and potential out-of-memory conditions that can crash tools lik...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23238)

"In the Linux kernel, the following vulnerability has been resolved: romfs: check sbsetblocksize return value romfsfillsuper ignores the return value of sbsetblocksize, which can fail if the requested block size is incompatible with the block device's configuration. This can be triggered by setti...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

CVE-2025-70100

CVE-2025-70100 affects lwext4 1.0.0. A divide-by-zero in ext4_block_set_lb_size (src/ext4_blockdev.c) can cause denial of service when processing a malformed ext4 image, triggering a Floating-Point Exception or crash due to missing lb_size validation during mount/image handling. Connected sources...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

EUVD-2025-210054

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

PT-2026-45934

Name of the Vulnerable Software and Affected Versions lwext4 version 1.0.0 Description A divide-by-zero issue exists in the ext4 block set lb size function within the src/ext4 blockdev.c file. This occurs when a malformed ext4 filesystem image with a zero logical block size is provided, leading t...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

CVE-2026-46061

A flaw was found in the Linux kernel's journaling block device jbd2 subsystem. A lock ordering issue within the jbd2journalcancelrevoke function can lead to a deadlock under specific conditions, particularly when the filesystem blocksize is smaller than the pagesize. This vulnerability could allo...

UBUNTU-CVE-2026-46061

In the Linux kernel, the following vulnerability has been resolved: jbd2: fix deadlock in jbd2journalcancelrevoke Commit f76d4c28a46a "fs/jbd2: use sleeping version of findgetblock" changed jbd2journalcancelrevoke to use findgetblocknonatomic which holds the folio lock instead of iprivatelock. Th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: When performing a btrfs mount, the block device is not set correctly. The user sets the block size of the block device to 0x4000 by executing the BLKBSZSET command. Since changing the block size also affects the...

Astra Linux - уязвимость в qemu

A “off-by-one” read/write issue was identified in the SDHCI device of QEMU. This issue occurs when reading/writing the Buffer Data Port Register using the sdhcireaddataport and sdhciwritedataport functions, specifically when datacount == blocksize. A malicious guest could exploit this flaw to cra...

Netty 输入验证错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contain a vulnerability related to input validation errors...

CVE-2026-43166

A flaw was found in the Linux kernel's erofs filesystem. This vulnerability allows an attacker to trigger an out-of-bounds OOB read by providing a specially crafted compressed image. The flaw occurs due to incorrect identification of interlaced plain extents when their start position or on-disk...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iomap: fixed invalid folio access when iblkbits differs from the I/O granularity. The commit aa35ddcbc06 “iomap: fixed invalid folio access after folioendread” partially addressed invalid folio access for folios without an ifs...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A shift-out-of-bounds condition has been fixed due to an overly large exponent of the block size. If the slogblocksize field in the superblock data is corrupted and too large, initnilfs and loadnilfs may still trigger a...