Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the sanity check on ino and xnid. syzbot reported a f2fs bug as follows: INFO: Task syz-executor140:5308 was blocked for more than 143 seconds. Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 0 “echo 0...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001368)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001368 advisory. An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service slab out-of-bounds read and BUG can occur for a modified f2fs...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003198)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003198 advisory. An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service out-of- bounds memory access and BUG can occur for a modified f2fs...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002611 advisory. An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service slab out-of-bounds read and BUG can occur for a modified f2fs...

EUVD-2023-60167

In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2fs f2fsabortatomicwrite+0xc4/0xf0...

CVE-2023-53829 f2fs: flush inode if atomic file is aborted

In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2fs f2fsabortatomicwrite+0xc4/0xf0...

Linux Distros Unpatched Vulnerability : CVE-2023-53829

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989778 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to clear dirty inode in f2fsevictinode As Yanming reported in bugzilla:...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-33847)

f2fs: compress: Released compress inode f2fs image may be corrupted. The reason is partial truncation assume compressed inode has reserved blocks, after partial truncation, valid block count may change w/o .iblocks and .totalvalidblockcount update, resulting in corruption. This plugin only works...

Linux Distros Unpatched Vulnerability : CVE-2025-38577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to avoid panic in f2fsevictinode As syzbot 1 reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c1085...

AZL-66521 CVE-2025-38578 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fssyncinodemeta syzbot reported an UAF issue as below: 1 2 1 https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG:...

CVE-2022-49255

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fshandlefailedinode This patch fixes xfstests/generic/475 failure. 293.680694 F2FS-fs dm-1: May loss orphan inode, run fsck to fix. 293.685358 Buffer I/O error on dev dm-1, logical block 8388592,...

SUSE CVE-2022-49364

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to clear dirty inode in f2fsevictinode As Yanming reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215904 The kernel message is shown below: kernel BUG at fs/f2fs/inode.c:825! Call Trace: evict+0x282/0x4...

CLSA-2024-1728584513 Fix of 20 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-38588 - ftrace: Fix possible warning on checking all pages used in ftraceprocesslocs - ftrace: Fix possible use-after-free issue in ftracelocation CVE-url: https://ubuntu.com/security/CVE-2024-46744 - Squashfs: sanity check symbolic link size CVE-url:...

CLSA-2024-1710947240 Fix of 12 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-52449 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier CVE-url: https://ubuntu.com/security/CVE-2023-39197 - netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one CVE-url:...

USN-6681-4 linux-aws, linux-aws-5.4 vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...

USN-6681-3 linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4 vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...

USN-6681-2 linux-bluefield, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...

USN-6681-1 linux, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-iot, linux-kvm, linux-raspi vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...

SUSE CVE-2018-13098

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service slab out-of-bounds read and BUG can occur for a modified f2fs filesystem image in which FIEXTRAATTR is set in an inode...