40 matches found
CVE-2025-70101
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...
CVE-2025-70099
A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001155)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001155 advisory. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002557)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002557 advisory. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003093)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003093 advisory. The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003063)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003063 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003009)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003009 advisory. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002810)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002810 advisory. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000456)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000456 advisory. In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in...
SUSE CVE-2016-10208
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image...
SUSE CVE-2018-10880
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data. An attacker could use this to cause a system crash and a denial of service...
SUSE CVE-2018-10879
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image...
kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
A flaw was found in the Linux kernel's ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI...
kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c
An out-of-bounds write flaw was found in the Linux kernel’s Ext4 FileSystem in the way it uses a crafted ext4 image. This flaw allows a local user with physical access to crash the system or potentially escalate their privileges on the system...
PT-2019-4485 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.0.21. Description: The issue is related to a use-after-free in the ext4_put_super function in fs/ext4/super.c, which is connected to the dump_orphan_list function in the same file. This can occur when mounting a crafted...
The vulnerability of the ext4_extDropRefs() function in the Linux operating system allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the ext4_extDropRefs function in the Linux operating system relates to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code using a specially created ext4 file system image...
The vulnerability of the ext4_init_block_bitmap() function in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the ext4_init_block_bitmap function in the Linux operating system is related to writing data beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to trigger a service failure using a specially created ext4 file system image...
kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image...
kernel: stack-out-of-bounds write in ext4_update_inline_data function
A flaw was found in the Linux kernel's ext4 filesystem code. A stack-out-of-bounds write in ext4_update_inline_data is possible when mounting and writing to a crafted ext4 image. An attacker could use this to cause a system crash and a denial of service...
kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image...