CVE-2025-70101
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...
CVE-2025-70099
A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...
MiracleLinux 8 : e2fsprogs-1.45.4-3.el8 (AXSA:2020-302:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-302:02 advisory. e2fsprogs: crafted ext4 partition leads to out-of-bounds write CVE-2019-5094 Tenable has extracted the preceding description block directly from the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001155)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001155 advisory. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003063)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003063 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002557)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002557 advisory. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003093)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003093 advisory. The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service out-of-bounds read and system...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002810)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002810 advisory. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003009)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003009 advisory. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000456)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000456 advisory. In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in...
SUSE CVE-2011-2493
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem...
SUSE CVE-2016-10208
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image...
SUSE CVE-2018-10879
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image...
SUSE CVE-2018-10880
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data. An attacker could use this to cause a system crash and a denial of service...
kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
A flaw was found in the Linux kernel's ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI...
kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c
An out-of-bounds write flaw was found in the Linux kernel’s Ext4 FileSystem in the way it uses a crafted ext4 image. This flaw allows a local user with physical access to crash the system or potentially escalate their privileges on the system...
CentOS 7 : e2fsprogs (RHSA-2020:4011)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4011 advisory. - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause ...
e2fsprogs: Out-of-bounds write in e2fsck/rehash.c
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability...
OPENSUSE-SU-2019:2233-1 Security update for u-boot
This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack buffer overflow via a crafted ext4 filesystem that may lead to code execution bsc1144656. - CVE-2019-13104: Fixed an underflow that could cause memcpy to overwrite a very large amount of data v...