9 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix for lz4 inplace decompression Currently, EROFS can map another compressed buffer for inplace decompression, which was used to handle cases where some pages of compressed data are not actually in-place I/O. However, lik...
CVE-2026-45999 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...
CVE-2026-45999
The CVE-2026-45999 issue affects the Linux kernel EROFS LZ4 inplace decompression path (z_erofs_lz4_handle_overlap). Crafted extents can trigger an unsigned underflow (outpages
SUSE CVE-2023-52497
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
DEBIAN-CVE-2023-52497
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
CVE-2023-52497
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
UBUNTU-CVE-2023-52497
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
CVE-2023-52497
CVE-2023-52497 affects the Linux kernel EROFS: the vulnerability stems from in-place LZ4 decompression where two mapped buffers could cause data corruption due to overlapping buffers and buffer ordering, especially on newer Intel CPUs with FS RM. The fix switches to using the decompressed buffer ...
CVE-2023-52497 erofs: fix lz4 inplace decompression
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...