Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed scheduling issues during atomic decompression operations 16.945668 C0 Call trace: 16.945678 C0 dumpbacktrace+0x110/0x204 16.945706 C0 dumpstacklvl+0x84/0xbc 16.945735 C0 schedulebug+0xb8/0x1ac 16.945756 C0...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed the assignment logic of iocb. Commit 18ae8d12991b “f2fs: shows more DIO information in tracepoints” introduced the iocb field in the ‘f2fsdirectIOenter’ trace event. It only assigns the pointer and then accesses it...

Astra Linux - уязвимость в linux

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to a slab-out-of-bounds read access in f2fsbuildsegmentmanager in fs/f2fs/segment.c. This issue is related to initminmaxmtime in fs/f2fs/segment.c because the second argument to getsegentry is not validated...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: Explicitly terminate the xattr list with a null character. When setting an xattr, ensure that the xattr list is explicitly terminated with a null character. This eliminates the fragile assumption that the unused xattr space...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: The return value of f2fsrecoverfsyncdata has been fixed. With the following scripts, a panic will occur in f2fs: bash mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fsio fsy...

CVE-2026-23265

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...

CVE-2026-23267

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix ISCHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes During SPO tests, when mounting F2FS, an -EINVAL error was returned from f2fsrecoverinodepage. The issue occurred under th...

EUVD-2026-9406

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fswriteendio As syzbot reported an use-after-free issue in f2fswriteendio. It is caused by below race condition: loop device umount - workerthread - loopprocesswork - doreqfilebacked - lorwaio -...

CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

CVE-2026-23234

CVE-2026-23234 affects the Linux kernel F2FS subsystem. A use-after-free can occur in f2fs_write_end_io() due to a race with kill_f2fs_super freeing sbi before writeback complete, allowing access to freed sbi during page cache/inode cleanup. The published fix relocates the checkpoint thread wakeu...

PT-2025-54021

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s f2fs implementation within the replace atomic write block function. A kernel panic can occur if the old addr variable is NULL, leading to a null point...

CVE-2023-54124 f2fs: fix to drop all dirty pages during umount() if cp_error is set

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop all dirty pages during umount if cperror is set xfstest generic/361 reports a bug as below: f2fsbugonsbi, sbi-fsyncnodenum; kernel BUG at fs/f2fs/super.c:1627! RIP: 0010:f2fsputsuper+0x3a8/0x3b0 Call Trace:...

CVE-2022-50753

CVE-2022-50753 affects the Linux kernel F2FS recovery paths. Public details in connected documents show a use-after-free in recover_data due to an SSA table corruption (ofs_in_node > ADDRS_PER_PAGE) leading to out-of-bounds access during mount for a fuzzed image. The patch adds sanity checks o...

SUSE CVE-2022-50620

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to invalidate dcc-f2fsissuediscard in error path Syzbot reports a NULL pointer dereference issue as below: refcountadd include/linux/refcount.h:193 inline refcountinc include/linux/refcount.h:250 inline refcountinc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988972)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988972 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARNON in f2fsisvalidblkaddr Syzbot triggers two WARNs in f2fsisvalidblkaddr and...

CVE-2025-40077 f2fs: fix to avoid overflow while left shift operation

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio-index from pgofft to lofft to avoid overflow while left shift operation...

EUVD-2020-24748

Malware in sbrugna...

EUVD-2022-55585

Malicious code in bioql PyPI...

PT-2025-37906

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the f2fs subsystem. A null pointer dereference in the submit merged write cond function can lead to a kernel crash when io-bio is null. This...

SUSE CVE-2022-50273

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on destination blkaddr during recovery As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 loop5: detected capacity change from 0 to 131072 F2FS-fs loop5:...