Lucene search
K

43 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-b...

5.8AI score0.00168EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: erofs: Proper handling of the end of the filesystem is required for file-backed mounts. I/O requests that go beyond the end of the filesystem should be set to zero, similar to the behavior of loopback devices. This is what we...

5.7AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the UAF issue for file-backed mounts with the directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereadIter+0xac/0x108 9.269979 T3222 vfsiocbiterread+0xac/0x198 9.269993 T3222...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Corrected incorrect offset calculation The effective offset to be added to the length was incorrectly calculated, resulting in iomap-length being set to 0, which triggered a WARNON in iomapiterdone. This issue was...

5.5CVSS5.3AI score0.00176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Stop parsing non-compact HEAD indexes if clusterofs is invalid Syzbot generated a crafted image with a non-compact HEAD index of clusterofs 33024. Valid numbers should be between 0 and lclustersize-1, which causes the...

5.4AI score0.0018EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Add GFPNOIO to the bio completion if necessary. The bio completion path in the process context e.g., dm-verity will directly call into decompression instead of triggering another workqueue context for minimal scheduling...

7.5CVSS5.2AI score0.00378EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices...

5.4AI score0.00156EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:17 p.m.5 views

UBUNTU-CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

7.1CVSS5.7AI score0.00131EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 2:17 p.m.7 views

UBUNTU-CVE-2026-45943

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, zerofsdecompresspcluster may assume they are alread...

7.1CVSS5.7AI score0.00125EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:55 p.m.4 views

CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

7.1CVSS5.6AI score0.00131EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unsigned overflow in the zerofslz4handleoverlap function within erofs. This vulnerability may...

7.1CVSS5.9AI score0.00131EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-46078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary- checks for nameoffs, but the trailing dirents are special...

7.1CVSS5.9AI score0.00131EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-45943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O...

7.1CVSS5.8AI score0.00125EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix incorrect early exits for invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early returns,...

5.5CVSS6.1AI score0.00126EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block si...

7.1CVSS7AI score0.00132EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.6 views

SUSE CVE-2026-31467

In the Linux kernel, the following vulnerability has been resolved: erofs: add GFPNOIO in the bio completion if needed The bio completion path in the process context e.g. dm-verity will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies...

7.5CVSS5.6AI score0.00378EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005772)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005772 advisory. In the Linux kernel, the following vulnerability has been resolved: erofs: fix order = MAXORDER warning due to crafted negative isize As syzbot reported 1, the root...

5.5CVSS5.9AI score0.00146EPSS
Exploits0References4
CVE
CVE
added 2026/02/18 2:53 p.m.21 views

CVE-2026-23224

CVE-2026-23224 relates to the Linux kernel EROFS UAF race on file-backed mounts with the directio option. The issue arises in a race between z_erofs_read_folio, erofs_fileio_submit_bio, and related IO workqueue paths, where a dio ki_complete path frees an iocb/rq while access to the underlying fi...

7.8CVSS5.2AI score0.00124EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix UAF issue for file-backed mounts w/ directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereaditer+0xac/0x108 9.269979 T3222...

7.8CVSS7AI score0.00124EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: erofs: Avoid infinite loops due to incomplete zstd-compressed data. Currently, the decompression logic incorrectly processes compressed data if the data is truncated in crafted deliberately corrupted images...

5.9AI score0.00166EPSS
Exploits0References3
Rows per page
Query Builder