Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000842)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000842 advisory. The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002013)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002013 advisory. The udfpctochar function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denia...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001985)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001985 advisory. The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002527)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002527 advisory. The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to...

AZL-27387 CVE-2023-37454 affecting package kernel 5.15.200.1-1

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udfputsuper and udfcloselvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this...

K17321: Linux kernel UDF vulnerability CVE-2015-4167

Security Advisory Description The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service incorrect data representation or integer overflow, and OOPS via a crafted UDF filesystem...

SUSE CVE-2012-3400

Heap-based buffer overflow in the udfloadlogicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service system crash or possibly have unspecified other impact via a crafted UDF filesystem...

SUSE CVE-2014-9730

The udfpctochar function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service system crash via a crafted UDF filesystem image...

SUSE CVE-2014-9729

The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service system crash via a crafted UDF filesystem image...

SUSE CVE-2015-4167

The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service incorrect data representation or integer overflow, and OOPS via a crafted UDF filesystem...

kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback

A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in the way the user triggers the udffilewriteiter function for a malicious UDF image. This flaw allows a local user to crash the system...

Remote code execution

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions UDFs, written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...

CVE-2014-9729

The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service system crash via a crafted UDF filesystem image...

CVE-2014-9729

The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service system crash via a crafted UDF filesystem image...

CVE-2014-9729

The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service system crash via a crafted UDF filesystem image...

UBUNTU-CVE-2014-9729

The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service system crash via a crafted UDF filesystem image...

DEBIAN-CVE-2012-3400

Heap-based buffer overflow in the udfloadlogicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service system crash or possibly have unspecified other impact via a crafted UDF filesystem...

Null pointer dereference

Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service crash via a crafted Universal Disc Format UDF disk image, which triggers a NULL pointer dereference...

CVE-2008-0999

Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service crash via a crafted Universal Disc Format UDF disk image, which triggers a NULL pointer dereference...