
82 matches found

SUSE CVE
added 2026/06/10 2:25 a.m., 4 views

SUSE CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

AI score: 5.4, EPSS: 0.00156
Exploits: 0, References: 3
NVD
added 2026/06/09 2:16 p.m., 9 views

CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

EPSS: 0.00156
Exploits: 0, References: 4
OSV
added 2026/06/09 2:16 p.m., 3 views

UBUNTU-CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

AI score: 5.3, EPSS: 0.00156
Exploits: 0, References: 3
EUVD
added 2026/06/09 12:25 p.m., 8 views

EUVD-2026-35430

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

AI score: 5.4, EPSS: 0.00156
Exploits: 0, References: 4
Cvelist
added 2026/06/09 12:25 p.m., 25 views

CVE-2026-46329 erofs: handle end of filesystem properly for file-backed mounts

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

EPSS: 0.00156
Exploits: 0, References: 4
CVE
added 2026/06/09 12:25 p.m., 12 views

CVE-2026-46329

The CVE-2026-46329 entry concerns the erofs filesystem in the Linux kernel. The underlying issue was handling end-of-filesystem conditions for file-backed mounts, where I/O requests beyond the filesystem end should be zeroed (as with loopback devices). The advisory indicates this has been resolve...

AI score: 5.4, EPSS: 0.00156
Exploits: 0, References: 4
Debian CVE
added 2026/06/09 12:25 p.m., 5 views

CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

AI score: 5.3, EPSS: 0.00156
Exploits: 0
FreeBSD
added 2026/06/09 12:0 a.m., 4 views

FreeBSD -- Arbitrary file overwrite via the KTLS receive path

Problem Description: The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous...

AI score: 5.5
Exploits: 0
FreeBSD Advisory
added 2026/06/09 12:0 a.m., 5 views

FreeBSD-SA-26:26.ktls

FreeBSD-SA-26:26.ktls Security Advisory, The FreeBSD Project. Topic: Arbitrary file overwrite via the KTLS receive path. Category: core. Module: ktls. Announced: 2026-06-09...

AI score: 5.5
Exploits: 0
Positive Technologies
added 2026/06/09 12:0 a.m., 6 views

PT-2026-47787

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

AI score: 5.4, EPSS: 0.00156
Exploits: 0, References: 5
Packet Storm News
added 2026/06/09 12:0 a.m., 15 views

FreeBSD Security Advisory - FreeBSD-SA-26:26.ktls

FreeBSD Security Advisory - The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through...

AI score: 5.5
Exploits: 0
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: limited the level of fs stacking for file-backed mounts. Otherwise, it could cause potential kernel stack overflows e.g., when mounting EROFS itself...

AI score: 5.2, EPSS: 0.00194
Exploits: 0, References: 2
Github Security Blog
added 2026/05/11 6:31 p.m., 6 views

pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00126
Exploits: 0, References: 4, Affected Software: 1
Snyk
added 2026/05/11 6:31 p.m., 4 views

Deserialization of Untrusted Data

Overview: pgadmin4 is a PostgreSQL Tools. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the FileBackedSessionManager. An attacker can execute arbitrary code by placing a crafted serialized payload into the sessions directory, which is deserialized without...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00126
Exploits: 0, References: 2
OSV
added 2026/05/11 6:31 p.m., 6 views

GHSA-4RHG-H8F2-V4JM pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

CVSS: 7.3, AI score: 6.5, EPSS: 0.00126
Exploits: 0, References: 4
Cvelist
added 2026/05/11 2:35 p.m., 29 views

CVE-2026-7818 pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

CVSS: 7.3, EPSS: 0.00126
Exploits: 0, References: 1
RedHat Linux
added 2026/05/06 6:51 p.m., 6 views

kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration

A flaw was found in the Linux kernel. A local attacker could exploit a deadlock vulnerability due to incorrect lock ordering between folio_lock and i_mmap_rwsem when migrating hugetlb file-backed folios. This could lead to hung tasks and potential system-wide stalls, resulting in a Denial of Service...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00114
Exploits: 0, References: 5
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the UAF issue for file-backed mounts with the directio option. 9.269940 T3222 Call trace: 9.269948 T3222 ext4_file_read_iter+0xac/0x108 9.269979 T3222 vfs_iocb_iter_read+0xac/0x198 9.269993 T3222...

CVSS: 7.8, AI score: 5.4, EPSS: 0.00124
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 0 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: Use memalloc_nofs_save in page_cache_ra_order. See commit f2c817bed58d “mm: Use memalloc_nofs_save in readahead path”. Ensure that page_cache_ra_order does not attempt to reclaim file-backed pages too often, as this can lead to a...

CVSS: 5.5, AI score: 6.1, EPSS: 0.0018
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Avoid using multiple devices of different types. For multiple devices, both the primary and additional devices should be of the same type. erofs_init_device already ensures that if the primary device is a file-backed device,...

CVSS: 7.8, AI score: 5.3, EPSS: 0.00143
Exploits: 0, References: 2