Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: added a sanity check on sitbitmapsize. With the above testcase, resizing will generate a corrupted image that contains inconsistent metadata. Therefore, when mounting such an image, it will trigger a kernel panic. Steps to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fix for crashes when mounting with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. Traceback: RIP: 0010:ocfs2qinfolockresinit+0x44/0x50 ocfs2 Call trace: ocfs2localreadinfo+0xb9/0x6f0 ocfs2...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003029)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003029 advisory. A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a...

SUSE CVE-2022-50739

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check for inode operations This adds a sanity check for the iop pointer of the inode which is returned after reading Root directory MFT record. We should check the iop is valid before trying to create t...

Linux Distros Unpatched Vulnerability : CVE-2025-40235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: directly free partially initialized fsinfo in btrfscheckleakedroots If fsinfo-supercopy or fsinfo-superforcommit allocated failed in btrfsgettreesubvol,...

Linux Distros Unpatched Vulnerability : CVE-2022-50262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Validate BOOT recordsize When the NTFS BOOT recordsize field recordbits calculation through blksizebits assumes the size always 256, which could lead ...

DEBIAN-CVE-2022-50262

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT recordsize When the NTFS BOOT recordsize field recordbits calculation through blksizebits assumes the size always 256, which could lead to NPD while mounting a malformed NTFS image. 318.675159 BUG: kernel...

DEBIAN-CVE-2022-49831

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When performing seeding on a zoned filesystem it is necessary to initialize each zoned device's btrfszoneddeviceinfo structure, otherwise mounting the filesystem will cause ...

SUSE CVE-2022-49274

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix crash when mount with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. RIP: 0010:ocfs2qinfolockresinit+0x44/0x50 ocfs2 Call Trace: ocfs2localreadinfo+0xb9/0x6f0 ocfs2...

Virtuozzo Hybrid Infrastructure 5.2 Update 1 (5.2.1-57)

This update provides full support for Authorization Code Flow, as well as bug fixes and improvements. Vulnerability id: VSTOR-57337 It is impossible to set the disk role to "Unassigned" while joining a node to the cluster. Vulnerability id: VSTOR-57187 Unable to add an iSCSI target with multiple...

GSD-2022-1001306 ocfs2: fix crash when mount with quota enabled

ocfs2: fix crash when mount with quota enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

USN-4708-1 linux, linux-lts-xenial vulnerabilities

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service system crash. CVE-2018-13093 It was discovered that the btrfs fi...

USN-3678-1 linux, linux-aws, linux-gcp, linux-kvm vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service system crash when mounted. CVE-2018-1092 It was discovered...

kernel: ext4: avoid divide by zero when trying to mount a corrupted file system

The ext4fillflexinfo function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service divide-by-zero error and panic via a malformed ext4 filesystem containing a super block with a large FLEXBG group size aka sloggroupsperflex...