265 matches found
CVE-2026-46106
In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfsmutex and SRCU when remount walks events Commit 340f0c7067a9 "eventfs: Update all the eventfsinodes from the events descriptor" had eventfssetattrs recurse through ei-children on remount. The walk only holds...
CVE-2026-46106
The CVE concerns the Linux kernel eventfs/tracing path. A remount walk over eventfs_inodes could race: tracefs_apply_options() held only an rcu_read_lock() while eventfs_inodes were freed via SRCU, and writes to ei->attr raced with eventfs_set_attr() which holds eventfs_mutex. The fix, describ...
kernel: mm: thp: deny THP for files on anonymous inodes
A flaw was found in the Linux kernel's Transparent Huge Pages THP mechanism. This vulnerability occurs because the filethpenabled function incorrectly allows THP for files on anonymous inodes, which are not designed for this feature. An attacker could potentially exploit this by manipulating...
PT-2026-44229
In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfs mutex and SRCU when remount walks events Commit 340f0c7067a9 "eventfs: Update all the eventfs inodes from the events descriptor" had eventfs set attrs recurse through ei-children on remount. The walk only...
CVE-2026-46002
A flaw was found in the Linux kernel's ext2 filesystem. A local attacker could create a specially crafted filesystem image with malformed inodes index nodes that, when mounted, would not be properly rejected by the ext2iget function. This could lead to a kernel warning and potentially a system...
Linux Distros Unpatched Vulnerability : CVE-2026-46002
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext2: reject inodes with zero inlink and valid mode in ext2iget ext2iget already rejects inodes with inlink == 0 when imode is zero or idtime is set, treating...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixing inode number range checks The patch series “nilfs2: Fixing potential issues related to reserved inodes” addresses one use-after-free issue reported by syzbot. This issue arises due to the internal inode of nilfs...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm: thp: Deny THP for files on anonymous inodes The filethpenabled function incorrectly allows THP for files on anonymous inodes e.g., guestmemfd and secretmem. These files are created using allocfilepseudo, which does not cal...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Always detect conflicting inodes when logging inode refs After a rename operation either through the rename exchange operation or through regular renames in multiple non-atomic steps, when two inodes are renamed and at lea...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Added a missing check for inode numbers on directory entries. Syzbot reported that mounting and unmounting a specific pattern of corrupted Nilfs2 filesystem images causes a use-after-free of metadata file inodes, which...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ext2: Added more validation checks for inode counts. Checks were added to ensure that the number of inodes stored in the superblock matches the number calculated based on the number of inodes per group. It was also verified th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the inode leak in btrfsiget. BUG There is a bug report that a syzbot reproducer can cause the following issue: A busy inode occurs at the time of unmount: - BTRFS info device loop1: Last unmount of the filesystem...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: jfs: Rejects inodes of an unsupported type that are on the disk. Syzbot has reported the following bug: Kernel bug at fs/inode.c:668! Oops: invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit No...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed invalid inode pointer dereferences during log replay. In a few places where we call readoneinode, if we receive a NULL pointer, we end up entering an error path. This issue also occurs in cases where add inoderef is...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: sysctl: Always initialize iuid/igid. iuid/igid is always initialized within the sysfs core, so setownership can safely skip setting them. Commit 5ec27ec735ba “fs/proc/procsysctl.c: fix the default values of iuid/igid on...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: UDF: Detection of system inodes linked into the directory hierarchy When the UDF filesystem is corrupted, hidden system inodes may be linked into the directory hierarchy. This can lead to further serious corruption of the...
SUSE CVE-2026-43268
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...
CVE-2026-42443
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...
CVE-2026-42443
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...
CVE-2026-42443
NanaZip (open source archiver) contains a local-denial bug in its UFS/UFS2 filesystem image parser. From versions 5.0.1252.0 up to before 6.0.1698.0, an integer divide-by-zero occurs when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is zero. The parser...