3256 matches found
CVE-2023-53262 f2fs: fix scheduling while atomic in decompression path
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix scheduling while atomic in decompression path [ 16.945668][ C0] Call trace: [ 16.945678][ C0] dump_backtrace+0x110/0x204 [ 16.945706][ C0] dump_stack_lvl+0x84/0xbc [ 16.945735][ C0] __schedule_bug+0xb8/0x1ac [ 16.945756][ C0] __schedule+0x724/0xbdc...
CVE-2023-53262
Affected software/issue details: CVE-2023-53262 concerns the Linux kernel with f2fs: fix scheduling while atomic in decompression path. The connected sources describe a root cause in the decompression path related to scheduling during atomic operations, evidenced by a long call trace endi...
CVE-2023-53231
The CVE-2023-53231 entry concerns the Linux kernel erofs subsystem. The vulnerability stems from incorrect detection of atomic context when z_erofs_decompressqueue_endio can be invoked under an RCU/lock context (e.g., from blk_mq_flush_plug_list). The patch updates the context check to rcu_read_l...
CVE-2023-53231 erofs: Fix detection of atomic context
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as z_erofs_decompressqueue_endio can be called under rcu lock from blk_mq_flush_plug_list. See the stacktrace [1] In such case we should hand off th...
PT-2025-37703
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw was discovered in the Linux kernel related to scheduling during atomic operations within the decompression path of the f2fs filesystem. The issue involves potential scheduling...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an atomic scheduling problem in the decompression path...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from insufficient atomic context detection and could lead to synchronized decompression under RCU lock...
DEBIAN-CVE-2025-39731
In the Linux kernel, the following vulnerability has been resolved: f2fs: vm_unmap_ram may be called from an invalid context When testing F2FS with xfstests using UFS backed virtual disks the kernel complains sometimes that f2fs_release_decomp_mem calls vm_unmap_ram from an invalid context. Example trac...
UBUNTU-CVE-2025-39731
In the Linux kernel, the following vulnerability has been resolved: f2fs: vm_unmap_ram may be called from an invalid context When testing F2FS with xfstests using UFS backed virtual disks the kernel complains sometimes that f2fs_release_decomp_mem calls vm_unmap_ram from an invalid context. Example trac...
BIT-POWERSHELL-2020-8927 Buffer overflow in Brotli library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...
Netty security vulnerability
Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in Netty versions 4.1.124.Final and earlier and 4.2.4.Final and earlier, which stems fro...
Exploit for Out-of-bounds Write in Apple Ipados
iOS 18.6.1 0-click RCE POC The vulnerability seems to be in t...
Linux Distros Unpatched Vulnerability : CVE-2023-35964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2023-0475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. CVE-2023-0475 Note that Nessus relies on the presence ...
Linux Distros Unpatched Vulnerability : CVE-2023-29417
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not...
Linux Distros Unpatched Vulnerability : CVE-2023-38649
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can...
Linux Distros Unpatched Vulnerability : CVE-2023-35961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...