SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2450-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2450-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed a warning in ext4handleinodeextension We encountered the following issues: EXT4-fs error device loop0 in ext4reserveinodewrite:5741: Out of memory EXT4-fs error device loop0: ext4setattr:5462: inode 13: comm...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4prepareInlinedata When running the following code on an ext4 filesystem with the inlinedata feature enabled, the following bug will occur. fd = open"file1", ORDWR | OCREAT | OTRUNC, 0666;...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: a potential memory leak has been fixed in ext4fcrecordmodified inode. Since krealloc may return NULL, in this case, state-fcmodifiedinodes may not be freed by krealloc. However, state-fcmodifiedinodes is already set to NULL...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid failures during online resizing due to an overly large flexbgsize. When we perform online resizing on an ext4 filesystem with an excessively large flexbgsize, the following warning is triggered:...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4xattrMoveToBlock In ext4xattrMoveToBlock, the value of the extended attribute that we need to move to an external block may be allocated by kvmalloc if the value is stored in an external...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: fixed memory leaks in ext4fnamesetupfilename,preparelookup. If filename case-folding fails, we will be leaking memory from the fscryptname struct, specifically from the 'cryptobuf.name' member. Make sure we free this memory...

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-13106)

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-13104)

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy to overwrite a very large amount of data including the whole stack while reading a crafted ext4 filesystem. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

Siemens RuggedCom Rox Integer Overflow or Wraparound (CVE-2024-57256)

An integer overflow in ext4fsreadsymlink in Das U-Boot before 2025.01-rc1 occurs for zalloc adding one to an le32 variable via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. This plugin only works with Tenable.ot. Please...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7795-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7795-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Ubuntu 20.04 LTS : Linux kernel (AWS FIPS) vulnerabilities (USN-7795-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7795-3 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2171)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...

EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2026-2132)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

CVE-2025-70100

CVE-2025-70100 affects lwext4 1.0.0. A divide-by-zero in ext4_block_set_lb_size (src/ext4_blockdev.c) can cause denial of service when processing a malformed ext4 image, triggering a Floating-Point Exception or crash due to missing lb_size validation during mount/image handling. Connected sources...

CVE-2025-70101

lwext4 1.0.0 exposes an out-of-bounds read in ext4_ext_binsearch_idx (src/ext4_extent.c) that can trigger denial of service when processing a crafted ext4 image. The vulnerability stems from insufficient validation of extent header fields prior to performing a binary search over extent index entr...