Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid crashes when inline data creation occurs after DIO write When an inode is created and written using direct IO, there is no way to clear the EXT4STATEMAYINLINEDATA flag. As a result, when the inode is truncated to just...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a deadlock that occurs during concurrent direct IO writes when there is limited free data space. When reserving data space for a direct IO write, a deadlock can occur if multiple tasks attempt to write to the same fi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005724)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005724 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written t...

erofs: fix UAF issue for file-backed mounts w/ directio option

...

CVE-2026-23224

In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-backed mounts w/ directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereaditer+0xac/0x108 9.269979 T3222 vfsiocbiterread+0xac/0x198 9.269993 T3222 erofsfileiorqsubmit+0x12c/0x180 9.27000...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005189)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005189 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: remove the incorrect Fw reference check when dirtying pages When doing the direct-io reads ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004362)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004362 advisory. A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index aft...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001611 advisory. A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index aft...

SUSE CVE-2023-53711

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...

EUVD-2022-55136

In the Linux kernel, the following vulnerability has been resolved: btrfs: release correct delalloc amount in direct IO write path Running generic/406 causes the following WARNING in btrfsdestroyinode which tells there are outstanding extents left. In btrfsgetblocksdirectwrite, we reserve a...

EUVD-2004-2650

Malware in sbrugna...

EUVD-2020-3164

Malware in sbrugna...

AZL-68132 CVE-2025-39929 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirectrecvio leak in smbdnegotiate error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on kmemcacheshutdown...

EUVD-2024-51891

Malicious code in bioql PyPI...

UBUNTU-CVE-2022-50435

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is nothing to clear the EXT4STATEMAYINLINEDATA flag. Thus when inode gets truncated later to say 1 byte and...

CVE-2022-50435 ext4: avoid crash when inline data creation follows DIO write

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is nothing to clear the EXT4STATEMAYINLINEDATA flag. Thus when inode gets truncated later to say 1 byte and...

CVE-2022-50435 ext4: avoid crash when inline data creation follows DIO write

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is nothing to clear the EXT4STATEMAYINLINEDATA flag. Thus when inode gets truncated later to say 1 byte and...

CVE-2022-50270

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the assign logic of iocb commit 18ae8d12991b "f2fs: show more DIO information in tracepoint" introduces iocb field in 'f2fsdirectIOenter' trace event And it only assigns the pointer and later it accesses its field in...

UBUNTU-CVE-2022-50270

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the assign logic of iocb commit 18ae8d12991b "f2fs: show more DIO information in tracepoint" introduces iocb field in 'f2fsdirectIOenter' trace event And it only assigns the pointer and later it accesses its field in...

CVE-2022-50270

This CVE (CVE-2022-50270) affects the Linux kernel f2fs component. The root cause was a faulty iocb assignment in the f2fs_direct_IO_enter trace event: the code only copied the pointer of iocb and then accessed its field during trace printing, which could lead to a kernel paging fault. The fixes ...