6 matches found
CVE-2026-34961
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...
MGASA-2025-0188 Updated udisks2 & libblockdev packages fix security vulnerabilities
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a syst...
Exploit for CVE-2025-6019
CVE-2025-6019: Privilege Escalation Exploit via UDisks2 Filesy...
kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values
A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...
Privilege Escalation
chromium is vulnerable to privilege escalation. Inappropriate implementation in installer allows a local attacker to elevate privilege via a malicious filesystem...
Privilege Escalation
chromium is vulnerable to privilege escalation. Insufficient data validation in installer allows a local attacker to elevate privilege via a malicious filesystem...