155 matches found
kernel: ext4: do not create EA inode under buffer lock
A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock, this approach can lead to deadlocks, especially if the filesystem is corrupted...
kernel: ext4: do not create EA inode under buffer lock
A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock, this approach can lead to deadlocks, especially if the filesystem is corrupted...
UBUNTU-CVE-2024-46695
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inodesetsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...
jfs: xattr: fix buffer overflow for invalid xattr
...
AZL-47980 CVE-2024-41076 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4setsecuritylabel We leak nfsfattr and nfs4label every time we set a security xattr...
UBUNTU-CVE-2024-41076
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4setsecuritylabel We leak nfsfattr and nfs4label every time we set a security xattr...
DEBIAN-CVE-2024-41017
In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check before traversing the members of the ealist to ensure that each ea remains within the scope o...
SUSE CVE-2024-40972
In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4xattrsetentry creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking which acquires locks on othe...
SUSE-SU-2024:2463-1 Security update for squashfs
This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools bsc935380 - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination bsc1189936 - CVE-2021-41072: Fixed an issu...
DEBIAN-CVE-2024-40972
In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4xattrsetentry creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking which acquires locks on othe...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential deadlock issue in the ext4 file system when creating an EA inode...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the sanitycheckinode function not performing a sanity check on ixattrnid...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention between the xattrset|get and listxattr operations...
DEBIAN-CVE-2023-52640
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfslistxattr The length of name cannot exceed the space occupied by ea...
PT-2024-29186
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the ext4 file system in the Linux kernel. The function ext4 xattr set entry creates new EA inodes while holding a buffer lock on the external xattr block. This ca...
OESA-2024-1284 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the...
openSUSE: Security Advisory for squashfs (SUSE-SU-2023:4591-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel: ext4: fix deadlock due to mbcache entry corruption
A deadlock vulnerability was found in the ext4 filesystem in the Linux kernel. When manipulating extended attribute xattr blocks, a race condition in non-atomic bitfield updates can cause the mbcache entry state to become corrupted. This leads to an infinite loop in ext4xattrblockset where the co...
PT-2025-54151
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's ext4 filesystem implementation. Specifically, the issue involves handling extended attribute ea block expansion during unmounting. The process require...