CVE-2025-70101

lwext4 1.0.0 exposes an out-of-bounds read in ext4_ext_binsearch_idx (src/ext4_extent.c) that can trigger denial of service when processing a crafted ext4 image. The vulnerability stems from insufficient validation of extent header fields prior to performing a binary search over extent index entr...

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

PT-2026-45935

Name of the Vulnerable Software and Affected Versions lwext4 version 1.0.0 Description An out-of-bounds read exists in the ext4 ext binsearch idx function within the src/ext4 extent.c file. This occurs because extent header fields are not sufficiently validated before a binary search is performed...

SUSE CVE-2026-45892

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache after doing PARTIALVALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4splitextent with the EXT4EXTMAYZEROOUT and EXT4EXTDATAVALID2 flags set, it could...

SUSE CVE-2026-45899

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails When the split extent fails, we might leave some extents still being processed and return an error directly, which will result in stale extent entries remaining in the extent...

CVE-2026-45858

In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...

CVE-2026-34961

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

OESA-2026-2233 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes ext4extcorrectindexes walks up the extent tree correcting index entries when the first extent in a leaf is...

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel, where an information leak occurs through the ext4extentheader to the user space...

SUSE CVE-2026-31448

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails in this example, because the file system disabled th...

EUVD-2026-24786

In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes ext4extcorrectindexes walks up the extent tree correcting index entries when the first extent in a leaf is modified. Before accessing pathk.pidx-eiblock, there is no validation...

CVE-2026-31449

The CVE-2026-31449 entry concerns the Linux kernel ext4 extent code. A vulnerability was fixed in ext4_ext_correct_indexes where path[k].p_idx could point outside the valid index range if the on-disk eh_entries were corrupted, causing a slab-out-of-bounds read. The fix validates path[k].p_idx aga...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001540)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001540 advisory. A vulnerability was found in linux kernel, where an information leak occurs via ext4extentheader to userspace. Tenable has extracted the preceding description block...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004031)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004031 advisory. A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003631 advisory. fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004613 advisory. A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in...

Siemens Ruggedcom ROX Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0850)

A vulnerability was found in linux kernel, where an information leak occurs via ext4extentheader to userspace. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000396 advisory. fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain...

Linux Distros Unpatched Vulnerability : CVE-2022-0850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in linux kernel, where an information leak occurs via ext4extentheader to userspace. CVE-2022-0850 Note that Nessus relies on the...