86 matches found
CVE-2025-70101
An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...
CVE-2025-70100
A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...
CVE-2025-70099
A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...
Barebox 缓冲区错误漏洞
Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox prior to 2026.04.0 contained a buffer error vulnerability. This vulnerability stemmed from the lack of verification of the ehentry fields and buffer capacity during ext4 extent parsing. It could...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001155)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001155 advisory. The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004046)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004046 advisory. In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001242)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001242 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2journaldirtymetadata, a denial of service, and a system...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004417)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004417 advisory. In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001645)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001645 advisory. The ext4validblockbitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service out-of-bounds read and system...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003063)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003063 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002586)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002586 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2journaldirtymetadata, a denial of service, and a system...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001836)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001836 advisory. The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002557)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002557 advisory. The ext4iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero ilinkscount, which allows attackers ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003093)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003093 advisory. The ext4validblockbitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service out-of-bounds read and system...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002810)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002810 advisory. The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003268 advisory. The ext4xattrcheckentries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003009)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003009 advisory. The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000880)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000880 advisory. The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000456)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000456 advisory. In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4putsuper in...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000450)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000450 advisory. In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an...