CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2025/11/25 12:37 p.m.•4 views

kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values

A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...

7.3AI score

Cvelist•added 2025/11/12 10:23 a.m.•8 views

CVE-2025-40124 sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC III Anthony Yznaga tracked down that a BUGON in ext4 code with large folios enabled resulted from copyfromuser returning impossibly large values greater tha...

0.00184EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-6463

Malware in sbrugna...

6CVSS6.8AI score0.00469EPSS

Exploits0References23

Tenable Nessus•added 2025/08/09 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2023-30549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer 1.1.0 and...

7.8CVSS7AI score0.00369EPSS

Exploits0References2

RedHat Linux•added 2025/06/23 7:46 a.m.•5 views

kernel: ext4: ignore xattrs past end

A use-after-free vulnerability has been discovered in the Linux kernel, specifically within the ext4xattrinodedecrefall function related to the ext4 filesystem's extended attributes. An attacker could exploit this flaw by providing a specially crafted payload, leading to a denial of service...

7.8CVSS6.7AI score0.00161EPSS

OSV•added 2025/01/08 6:15 p.m.•2 views

DEBIAN-CVE-2024-56780

In the Linux kernel, the following vulnerability has been resolved: quota: flush quotareleasework upon quota writeback One of the paths quota writeback is called from is: freezesuper syncfilesystem ext4syncfs dquotwritebackdquots Since we currently don't always flush the quotareleasework queue in...

5.5CVSS5.7AI score0.00209EPSS

RedHat Linux•added 2024/12/04 12:56 a.m.•4 views

kernel: ext4: regenerate buddy after block freeing failed if under fc replay

A flaw was found in the Linux kernel's ext4 filesystem related to the fast commit replay process. During this process, blocks that are already marked as free can be incorrectly marked as free again, leading to the corruption of the buddy bitmap, which is used to track free and allocated blocks...

5.5CVSS6.8AI score0.00278EPSS

OSV•added 2024/11/08 6:15 a.m.•2 views

DEBIAN-CVE-2024-50191

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SBRDONLY after filesystem errors When the filesystem is mounted with errors=remount-ro, we were setting SBRDONLY flag to stop all filesystem modifications. We knew this misses proper locking sb-sumount and does no...

5.5CVSS5.8AI score0.00204EPSS

OSV•added 2024/06/25 3:15 p.m.•0 views

UBUNTU-CVE-2024-39276

In the Linux kernel, the following vulnerability has been resolved: ext4: fix mbcacheentry's erefcnt leak in ext4xattrblockcachefind Syzbot reports a warning as follows: ============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mbcachedestroy+0x224/0x290 Modules...

5.5CVSS6.2AI score0.00231EPSS

Exploits0References30

OSV•added 2024/04/03 5:15 p.m.•2 views

DEBIAN-CVE-2024-26772

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4mbfindbygoal Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group with a...

5.5CVSS5.6AI score0.00255EPSS

RedHat Linux•added 2023/05/09 10:4 a.m.•1 views

kernel: ext4: avoid resizing to a partial cluster size

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in the last iteration...

5.5CVSS6.3AI score0.00157EPSS

Positive Technologies•added 2022/12/08 12:0 a.m.•5 views

PT-2025-49618

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-next-20221007-dirty 349 Description A flaw exists in the Linux kernel related to the handling of boot loader inodes. Specifically, a bug in the es tree search function within the ext4 filesystem can occur...

7.8CVSS6.6AI score0.00465EPSS

Exploits2References912

RedHat Linux•added 2020/08/03 12:15 p.m.•2 views

grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow

A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...

6CVSS7.6AI score0.00469EPSS

RedHat Linux•added 2020/08/03 11:18 a.m.•3 views

grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow

6CVSS7.6AI score0.00469EPSS

OSV•added 2020/07/31 10:15 p.m.•3 views

ALPINE-CVE-2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...

6CVSS7.5AI score0.00469EPSS

RedHat Linux•added 2020/07/29 8:16 p.m.•1 views

grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow

6CVSS7.6AI score0.00469EPSS