Linux Distros Unpatched Vulnerability : CVE-2026-46124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or...

CVE-2026-46124

A flaw was found in the Linux kernel's isofs filesystem. An authenticated NFS Network File System peer can exploit this vulnerability by providing a specially crafted file handle. This allows the server to read arbitrary in-range blocks on the backing device, leading to information disclosure whe...

CVE-2026-46124

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

UBUNTU-CVE-2026-46124

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

CVE-2026-46124

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

CVE-2026-46124

CVE-2026-46124 affects the Linux kernel isofs filesystem. The vulnerability arises because isofs_fh_to_dentry/isofs_fh_to_parent pass an attacker-controlled block number from an NFS file handle to isofs_export_iget(), which only rejects block == 0 before calling isofs_iget and sb_bread. A crafted...

EUVD-2026-32883

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

PT-2026-44247

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The issue exists in the isofs module where isofs fh to dentry and isofs fh to parent pass an attacker-controlled block numbe...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: isofs: Prevention of using too small fid values. The syzbot reported a slab-out-of-bounds read in isofsfhtoparent.1 The handlebytes value passed by the reproducing program is equal to 12. In handletopath, only 12 bytes of memo...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofsreadinode can read data beyond the end of buffer. Sanity-check the directory entry length before using it...

CLSA-2026-1773056241 kernel: Fix of 21 CVEs

i40e: fix IRQ freeing in i40evsirequestirqmsix error path CVE-2025-39911 - media: rc: fix races with imondisconnect CVE-2025-39993 - VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify CVE-2025-38102 - partitions: mac: fix handling of bogus partition table CVE-2025-21772 - tracing:...

CLSA-2026-1773046740 kernel: Fix of 21 CVEs

i40e: fix IRQ freeing in i40evsirequestirqmsix error path CVE-2025-39911 - media: rc: fix races with imondisconnect CVE-2025-39993 - VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify CVE-2025-38102 - partitions: mac: fix handling of bogus partition table CVE-2025-21772 - tracing:...

CLSA-2026-1773046198 kernel: Fix of 31 CVEs

smb3: fix for slab out of bounds on mount to ksmbd CVE-2025-38728 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - ALSA: usb-audio: Validate UAC3 power domain descriptors, too CVE-2025-38729 - net: atm: fix /proc/net/atm/lec handling CVE-2025-38180 - tcpbpf:...

ROS-20260126-73-0057

A vulnerability in the isofs component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37780)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37780 advisory. - In the Linux kernel, the following vulnerability has been resolved: isofs: Prevent the use of too small fid...

MiracleLinux 7 : kernel-3.10.0-229.7.2.el7 (AXSA:2015-216:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-216:01 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000889)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000889 advisory. Stack consumption vulnerability in the parserockridgeinodeinternal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denia...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002386)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002386 advisory. Stack consumption vulnerability in the parserockridgeinodeinternal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denia...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002634)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002634 advisory. The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows...