CVE-2025-70101

lwext4 1.0.0 exposes an out-of-bounds read in ext4_ext_binsearch_idx (src/ext4_extent.c) that can trigger denial of service when processing a crafted ext4 image. The vulnerability stems from insufficient validation of extent header fields prior to performing a binary search over extent index entr...

EUVD-2025-210055

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004221)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004221 advisory. In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4putsuper in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001136)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001136 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002674)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002674 advisory. Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4extdroprefs function when operating on a crafted ext4 filesystem image. Tenable has...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002974)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002974 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001605)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001605 advisory. Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4extdroprefs function when operating on a crafted ext4 filesystem image. Tenable has...

kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values

A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...

EulerOS 2.0 SP10 : udisks2 (EulerOS-SA-2025-2117)

According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

Linux Distros Unpatched Vulnerability : CVE-2018-10877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4extdroprefs function when operating on a crafted ext4 filesystem image...

Linux Distros Unpatched Vulnerability : CVE-2018-10878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is...

CVE-2023-33552

Heap Buffer Overflow in the erofsreadonedata function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...

Updated erofs-utils packages fix security vulnerabilities

Heap Buffer Overflow in the erofsfsckdirentiter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...

Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2023-331)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-331 advisory. A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...

CVE-2023-33552

Heap Buffer Overflow in the erofsreadonedata function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...

UBUNTU-CVE-2023-33551

Heap Buffer Overflow in the erofsfsckdirentiter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...

SUSE CVE-2007-5497

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image...

SUSE CVE-2014-9731

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c...

Tuxera NTFS-3G 代码问题漏洞

NTFS-3G is a stable, full-featured, read/write NTFS driver for Linux, Android, Mac OS X, FreeBSD, NetBSD, OpenSolaris, QNX, Haiku, and other operating systems. ntfs extentinodeopen is vulnerable to a null pointer dereference. An attacker could exploit the vulnerability to cause null pointer...

NewStart CGSL CORE 5.04 / MAIN 5.04 : e2fsprogs Vulnerability (NS-SA-2021-0005)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has e2fsprogs packages installed that are affected by a vulnerability: - Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem...