5 matches found
PT-2026-51909
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the erofs component where the lcn variable was typed as unsigned long or unsigned int. On 32-bit platforms, this variable is only 32 bits wide, leading to the truncati...
CVE-2025-68251
In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted images. The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters in...
GO-2025-3985 kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp...
EUVD-2025-31346
Malicious code in bioql PyPI...
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...