CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

CVE-2026-34962

barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...

CVE-2026-34962

barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...

Barebox 安全漏洞

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox prior to 2026.04.0 contained security vulnerabilities. These vulnerabilities stemmed from the ext4fsiteratedir function in ext4 directory parsing, which did not verify that the length value of...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-5188)

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. This plugin...

EUVD-2022-54885

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its...

EUVD-2019-14793

Malware in sbrugna...

EUVD-2025-11831

Malicious code in bioql PyPI...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-1957)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gpio: Restrict usage of GPIO chip irq members before initializationCVE-2022-49072 mmc: core: use sysfsemit instead of sprintf.CVE-2022-49267 ipv4:...

CVE-2022-49879

CVE-2022-49879 affects the Linux kernel ext4 code. A corrupted directory entry where rec_len is invalid (not a multiple of 4) can cause a kernel BUG() in ext4_rec_len_to_disk() called from make_indexed_dir(). The fix adds a validation step via ext4_check_dir_entry(), returning -EFSCORRUPTED for i...

CVE-2025-37785

In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with reclen == block size results in out-of-bounds read later on, when the corrupted directory is removed...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic CVE-2024-42131 In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2str on error CVE-2024-42284 In the Linu...

CVE-2022-49343

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its...

UBUNTU-CVE-2024-42304

In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creating files in this...

SUSE CVE-2019-5188

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability...

Unbreakable Enterprise kernel security update

4.1.12-124.67.3 - media: imon: Fix null-ptr-deref in imonprobe Arvind Yadav Orabug: 31225377 CVE-2017-16537 - fbcon: remove soft scrollback code Linus Torvalds Orabug: 31914703 CVE-2020-14390 - inet: use bigger hash table for IP ID generation Eric Dumazet Orabug: 33778986 CVE-2021-45486 - ipv4:...

Important: kernel

Issue Overview: 2023-06-29: CVE-2023-28772 was added to this advisory. An issue in the HID driver in the Linux kernel may lead to invalid memory access. CVE-2022-20565 A flaw was found in the Linux kernel's implementation of BTRFS free space management, where the kernel does not correctly manage...

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

...