CVE-2026-10645

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

CVE-2026-46175

Summary of CVE-2026-46175 (f2fs FGGC issue) : In the Linux kernel’s f2fs filesystem, Foreground Garbage Collection (FGGC) of node blocks could leave the fsync and dentry marks uncleared, causing fsck to misinterpret migrated data as fsync-written. The root cause is that the marks were not cleared...

SUSE CVE-2026-45862

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table before using it When writing the address of a freshly allocated zero-initialized PASID table to a PASID directory entry, do that after the CPU cache flush for this PASID table, not before i...

PT-2026-43729

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommu/vt-d component where the address of a freshly allocated zero-initialized PASID table is written to a PASID directory entry before the CPU cache flush occurs...

PT-2026-37386

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the ocfs2 validate inode block function fails to validate the size of inline data when reading an inode from disk. In cases of filesystem...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: isofs: Fixed out-of-bound access for corrupted isofs images. When an isofs image is corrupted, isofsread inode can read data beyond the end of the buffer. It is necessary to sanity-check the length of the directory entry befor...

CVE-2026-6386

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007302 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfssetdetype The size of the nilfstypebymode array in the fs/nilfs2/dir.c fi...

kernel: smb: client: Fix use-after-free in cifs_fill_dirent

A use-after-free flaw was found in cifsfilldirent in fs/cifs/readdir.c in smb client in the Linux Kernel. This flaw could allow an attacker to crash the system due to race problem. This vulnerability could even lead to a kernel information leak problem...

CLSA-2026-1771077729 kernel: Fix of 107 CVEs

net/ieee802154: don't warn zero-sized rawsendmsg CVE-2022-50706 - bpf: Don't redirect packets with invalid pktlen CVE-2022-49975 - media: uvcvideo: Fix 1-byte out-of-bounds read in uvcparseformat CVE-2025-38680 - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network...

kernel: smb: client: Fix use-after-free in cifs_fill_dirent

A use-after-free flaw was found in cifsfilldirent in fs/cifs/readdir.c in smb client in the Linux Kernel. This flaw could allow an attacker to crash the system due to race problem. This vulnerability could even lead to a kernel information leak problem...

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

Azure Linux 3.0 Security Update: kernel (CVE-2024-57940)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57940 advisory. - In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in...

kernel: smb: client: Fix use-after-free in cifs_fill_dirent

A use-after-free flaw was found in cifsfilldirent in fs/cifs/readdir.c in smb client in the Linux Kernel. This flaw could allow an attacker to crash the system due to race problem. This vulnerability could even lead to a kernel information leak problem...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003754)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003754 advisory. Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. Tenable has extracted the preceding description...

kernel: smb: client: Fix use-after-free in cifs_fill_dirent

A use-after-free flaw was found in cifsfilldirent in fs/cifs/readdir.c in smb client in the Linux Kernel. This flaw could allow an attacker to crash the system due to race problem. This vulnerability could even lead to a kernel information leak problem...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992743 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUGON when directory entry has invalid reclen The reclen field in the directory entry h...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990771)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990771 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUGON when directory entry has invalid reclen The reclen field in the directory entry h...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989902)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989902 advisory. In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted...