Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001523 advisory. Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4xattrsetentry function. An attacker could exploit this by operating on a mounte...

CVE-2022-50845 ext4: fix inode leak in ext4_xattr_inode_create() on an error path

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4xattrinodecreate on an error path There is issue as follows when do setxattr with inject fault: localhost fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 12-Sep-2022 Pass 1: Checking inodes, blocks, and sizes...

CVE-2025-40190

The CVE-2025-40190 entry concerns the Linux kernel ext4: guard against EA inode refcount underflow in xattr update. The root cause was a path where ext4_xattr_inode_update_ref() could read an EA inode refcount already

kernel: ext4: ignore xattrs past end

A use-after-free vulnerability has been discovered in the Linux kernel, specifically within the ext4xattrinodedecrefall function related to the ext4 filesystem's extended attributes. An attacker could exploit this flaw by providing a specially crafted payload, leading to a denial of service...

USN-6254-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the doprlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0458 It was discovered that a race...

Important: kernel-livepatch-4.14.173-137.229

Issue Overview: In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4xattrsetentry use-after-free in fs/ext4/xattr.c when a large oldsize value is used in a memset call. CVE-2019-19319 Affected...

kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image

The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4xattrinodehash function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image...

DEBIAN-CVE-2018-10840

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4xattrsetentry function. An attacker could exploit this by operating on a mounted crafted ext4 image...

DEBIAN-CVE-2018-1095

The ext4xattrcheckentries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service getacl NULL pointer dereference and system...