kernel: proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: A NULL dereference in niwriteinode has been fixed. Syzbot reports a NULL dereference in niwrite inode. When creating a new inode, if the allocation fails in the miinit function called in the miformatnew function, mi-mre...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021551)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021551 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written t...

CVE-2022-50845

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4xattrinodecreate on an error path There is issue as follows when do setxattr with inject fault: localhost fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 12-Sep-2022 Pass 1: Checking inodes, blocks, and sizes...

CVE-2022-50845

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4xattrinodecreate on an error path There is issue as follows when do setxattr with inject fault: localhost fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 12-Sep-2022 Pass 1: Checking inodes, blocks, and sizes...

PT-2025-49726

In the Linux kernel, the following vulnerability has been resolved: ext4: don't clear SB RDONLY when remounting r/w until quota is re-enabled When a file system currently mounted read/only is remounted read/write, if we clear the SB RDONLY flag too early, before the quota is initialized, and ther...

Linux Distros Unpatched Vulnerability : CVE-2023-53732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Fix NULL dereference in niwriteinode Syzbot reports a NULL dereference in niwriteinode. When creating a new inode, if allocation fails in miinit...

CVE-2023-53732

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL dereference in niwriteinode Syzbot reports a NULL dereference in niwriteinode. When creating a new inode, if allocation fails in miinit function called in miformatnew function, mi-mrec is set to NULL. In the...

CVE-2023-53732

CVE-2023-53732 affects the Linux kernel component fs/ntfs3 where a NULL dereference can occur in ni_write_inode when inode creation fails and mi->mrec is NULL. The root cause is allocation failure in mi_init (called from mi_format_new), after which a NULL mrec is later dereferenced in ni_write...

EUVD-2007-4830

Malware in sbrugna...

EUVD-2025-31988

Malicious code in bioql PyPI...

CVE-2022-50435 ext4: avoid crash when inline data creation follows DIO write

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is nothing to clear the EXT4STATEMAYINLINEDATA flag. Thus when inode gets truncated later to say 1 byte and...

kernel: proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

DEBIAN-CVE-2025-21999

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

Low: ecs-init

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...

Low: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...

CVE-2024-40972

In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4xattrsetentry creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking which acquires locks on othe...

SUSE CVE-2007-4849

JFFS2, as used on One Laptop Per Child OLPC build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during 1 inode creation or 2 ACL setting, which might allow local users to access restricted files or directories after a remount of a...