EUVD-2025-19780

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-45469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In f2fssetxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry...

Linux Distros Unpatched Vulnerability : CVE-2019-19449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fsbuildsegmentmanager in fs/f2fs/segment.c,...

Linux Distros Unpatched Vulnerability : CVE-2021-3506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds OOB memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure...

CVE-2022-50013 f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use f2fsbugon in f2fsnewnodepage As Dipanjan Das reported, syzkaller found a f2fs bug as below: RIP: 0010:f2fsnewnodepage+0x19ac/0x1fc0 fs/f2fs/node.c:1295 Call Trace: writeallxattrs fs/f2fs/xattr.c:487 inline...

CVE-2025-23132

In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix to avoid warning in dquotwritebackdquots F2FS-fs dm-59: checkpoint=enable has some unwritten data. ------------ cut here ------------ WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691...

CVE-2022-49742

The CVE-2022-49742 issue affects the Linux kernel’s f2fs code. It describes a lock initialization order problem where spin_lock(&sbi->error_lock) is taken before spin_lock_init() is called, flagging a lockdep warning in f2fs_handle_error(). The recommended remediation is to initialize locks (a...

CVE-2022-49255

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fshandlefailedinode This patch fixes xfstests/generic/475 failure. 293.680694 F2FS-fs dm-1: May loss orphan inode, run fsck to fix. 293.685358 Buffer I/O error on dev dm-1, logical block 8388592,...

CVE-2022-49363

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on block address in f2fsdozerorange As Yanming reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215894 I have encountered a bug in F2FS file system in kernel v5.17. I have uploaded the...

CVE-2022-49361

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel 1, which can be reproduced. The bug message is: The kernel message is shown below: kernel BUG at fs/inode.c:611! Call Trace:...

CVE-2022-49317

CVE-2022-49317 relates to the Linux kernel’s f2fs code, where an infinite loop could occur while flushing node pages, triggered by certain xfstests/generic/475 scenarios that could yield sustained EIO. The provided documents indicate a resolved issue in f2fs: avoid infinite loop to flush node pag...

CVE-2024-47690 f2fs: get rid of online repaire on corrupted directory

In the Linux kernel, the following vulnerability has been resolved: f2fs: get rid of online repaire on corrupted directory syzbot reports a f2fs bug as below: kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fsevictinode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704...

CVE-2024-38636

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list 1, kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 test gap zone support with F2FS failed runtime...

CVE-2023-52848 f2fs: fix to drop meta_inode's page cache in f2fs_put_super()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop metainode's page cache in f2fsputsuper syzbot reports a kernel bug as below: F2FS-fs loop1: detect filesystem reference count leak during umount, type: 10, count: 1 kernel BUG at fs/f2fs/super.c:1639! CPU: 0 PID...

CVE-2021-47007

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fsresizefs f2fsresizefs hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...

CVE-2023-52444 f2fs: fix to avoid dirent corruption

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link1: f2fsrename ... if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir; else f2fsputpageolddirpage, 0; You want correct inumber in the "....

CVE-2019-19815

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fsrecoverfsyncdata in fs/f2fs/recovery.c. This is related to F2FSPSB in fs/f2fs/f2fs.h...

CVE-2017-18241

fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service NULL pointer dereference and panic by using a noflushmerge option that triggers a NULL value for a flushcmdcontrol data structure...