CVE-2026-46299

A flaw was found in the hfsplus filesystem component of the Linux kernel. An issue exists in the hfsplusfillsuper function where a lock is not properly released during an error handling path. This can occur when certain conditions cause hfspluscatbuildkey to fail during filesystem initialization....

CVE-2026-46299

CVE-2026-46299 (Linux kernel) affects the hfsplus filesystem during mount. hfsplus_fill_super() calls hfs_find_init() to initialize a search structure, which grabs tree->tree_lock. If hfsplus_cat_build_key() fails, control jumps to out_put_root without releasing the lock, causing a later clean...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hfsbnodecreate function in the hfsplus file system. This function returns a node when it...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of a special inode in hfsplus as of the SIFREG type, potentially leading to...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013070)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013070 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplusextcacheextent The syzbot reported issue in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002423)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002423 advisory. Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus...

CVE-2025-40082

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplusuni2asc BUG: KASAN: slab-out-of-bounds in hfsplusuni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290...

EUVD-2025-32724

In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARNON from hfspluscatread,writeinode syzbot is hitting WARNON in hfspluscatread,writeinode, for crafted filesystem image can contain bogus length. There conditions are not kernel bugs that can justify kernel ...

EUVD-2012-2312

Malware in sbrugna...

EUVD-2008-4912

Malware in sbrugna...

SUSE CVE-2025-38650

In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutexlock check in hfsplusfreeextents Syzbot reported an issue in hfsplus filesystem: ------------ cut here ------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplusfreeextents+0x700/0xad0 Call...

CVE-2025-38650

In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutexlock check in hfsplusfreeextents Syzbot reported an issue in hfsplus filesystem: ------------ cut here ------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplusfreeextents+0x700/0xad0 Call...

DEBIAN-CVE-2025-38650

In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutexlock check in hfsplusfreeextents Syzbot reported an issue in hfsplus filesystem: ------------ cut here ------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplusfreeextents+0x700/0xad0 Call...

CVE-2025-38650

CVE-2025-38650 affects the Linux kernel hfsplus code path. The issue arises from a deadlock-prone interaction around the extents tree: the code previously invoked mutex_lock in a path leading to hfsplus_free_extents, and a commit (31651c607151) was applied to unlock the extents tree before hfsplu...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-56548)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56548 advisory. - In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical...

Linux Distros Unpatched Vulnerability : CVE-2024-56548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl...

PT-2025-34411

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the hfsplus filesystem. Syzbot reported an issue where a mutex lock check in hfsplus free extents could trigger warnings and errors during...

Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024194 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651...

CLSA-2024-1727817133 Fix of 74 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2021-47188 - scsi: ufs: core: Improve SCSI abort handling CVE-url: https://ubuntu.com/security/CVE-2024-26677 - rxrpc: Fix delayed ACKs to not set the...

CLSA-2023-1693827560 Fix of 9 CVEs

Jammy update: v5.15.86 upstream stable release LP: 2005113 // CVE-url: https://ubuntu.com/security/CVE-2022-3606 - libbpf: Fix null-pointer dereference in findprogbysecinsn Jammy update: v5.15.87 upstream stable release LP: 2007441 // CVE-url: https://ubuntu.com/security/CVE-2023-23454 - net:...