43 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-b...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: erofs: Proper handling of the end of the filesystem is required for file-backed mounts. I/O requests that go beyond the end of the filesystem should be set to zero, similar to the behavior of loopback devices. This is what we...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the UAF issue for file-backed mounts with the directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereadIter+0xac/0x108 9.269979 T3222 vfsiocbiterread+0xac/0x198 9.269993 T3222...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Corrected incorrect offset calculation The effective offset to be added to the length was incorrectly calculated, resulting in iomap-length being set to 0, which triggered a WARNON in iomapiterdone. This issue was...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Stop parsing non-compact HEAD indexes if clusterofs is invalid Syzbot generated a crafted image with a non-compact HEAD index of clusterofs 33024. Valid numbers should be between 0 and lclustersize-1, which causes the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Add GFPNOIO to the bio completion if necessary. The bio completion path in the process context e.g., dm-verity will directly call into decompression instead of triggering another workqueue context for minimal scheduling...
Linux Distros Unpatched Vulnerability : CVE-2026-46329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices...
UBUNTU-CVE-2026-45999
In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...
UBUNTU-CVE-2026-45943
In the Linux kernel, the following vulnerability has been resolved: erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, zerofsdecompresspcluster may assume they are alread...
CVE-2026-45999
In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unsigned overflow in the zerofslz4handleoverlap function within erofs. This vulnerability may...
Linux Distros Unpatched Vulnerability : CVE-2026-46078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary- checks for nameoffs, but the trailing dirents are special...
Linux Distros Unpatched Vulnerability : CVE-2026-45943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O...
Linux Distros Unpatched Vulnerability : CVE-2026-43179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix incorrect early exits for invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early returns,...
Linux Distros Unpatched Vulnerability : CVE-2026-43166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block si...
SUSE CVE-2026-31467
In the Linux kernel, the following vulnerability has been resolved: erofs: add GFPNOIO in the bio completion if needed The bio completion path in the process context e.g. dm-verity will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005772)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005772 advisory. In the Linux kernel, the following vulnerability has been resolved: erofs: fix order = MAXORDER warning due to crafted negative isize As syzbot reported 1, the root...
CVE-2026-23224
CVE-2026-23224 relates to the Linux kernel EROFS UAF race on file-backed mounts with the directio option. The issue arises in a race between z_erofs_read_folio, erofs_fileio_submit_bio, and related IO workqueue paths, where a dio ki_complete path frees an iocb/rq while access to the underlying fi...
Linux Distros Unpatched Vulnerability : CVE-2026-23224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix UAF issue for file-backed mounts w/ directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereaditer+0xac/0x108 9.269979 T3222...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: erofs: Avoid infinite loops due to incomplete zstd-compressed data. Currently, the decompression logic incorrectly processes compressed data if the data is truncated in crafted deliberately corrupted images...