5 matches found
CVE-2026-34961
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...
CVE-2026-34961 barebox ext4 Extent Parsing Out-of-Bounds Read
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013135)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013135 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when ehentries == 0 and ehdepth 0 When walking through an inode...
DEBIAN-CVE-2022-48631
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when ehentries == 0 and ehdepth 0 When walking through an inode extents, the ext4extbinsearchidx function assumes that the extent header has been previously validated. However, there are no checks...
UBUNTU-CVE-2022-48631
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when ehentries == 0 and ehdepth 0 When walking through an inode extents, the ext4extbinsearchidx function assumes that the extent header has been previously validated. However, there are no checks...