Linux Distros Unpatched Vulnerability : CVE-2025-71312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate...

CVE-2026-41013

CVE-2026-41013 describes an input validation bypass in the SMB volume mount handling of CloudFoundry Foundation’s diego-release. The vulnerability allows a low-privileged CF space developer to inject arbitrary kernel CIFS mount options by bypassing the mount-option allowlist, enabling privilege e...

CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

CVE-2026-41013

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

PT-2026-45516

Name of the Vulnerable Software and Affected Versions smb-volume-release versions prior to v3.60.0 CF Deployment versions prior to v56.0.0 Description An input validation bypass exists in the SMB volume mount handling within CloudFoundry Foundation diego-release. This allows a low-privileged CF...

CloudFoundry CF Deployment security vulnerabilities

CloudFoundry CF Deployment is a code deployment component of the CloudFoundry Foundation. There is a security vulnerability in CloudFoundry CF Deployment, which stems from a bypass of input validation during SMB volume mounting processes. This vulnerability could allow developers with low...

CVE-2026-41013 - Tenant-controlled comma smuggles arbitrary CIFS mount options | Cloud Foundry

HIGH CVSS 3.1 Score: 8.5 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. smb-volume-release – All versions prior to v3.60.0 CF Deployment – All versions prior to v56.0.0 Description Input validation bypass in SMB volume...

SUSE CVE-2025-71312

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

EUVD-2025-209966

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

CVE-2025-71312

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

CVE-2025-71312 fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super()

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

CVE-2025-71312

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

CVE-2025-71312

The CVE-2025-71312 entry concerns the Linux kernel ntfs3 mount flow. A leak occurs in ntfs_fill_super() where fc->fs_private is set to NULL without freeing the pointed ntfs_mount_options, causing ntfs_fs_free() to skip freeing that structure and triggering a kmemleak report. The issue is repro...

PT-2026-43694

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs mount options leak in ntfs fill super In ntfs fill super, the fc-fs private pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfs fs free to skip freeing...

CVE-2025-71312

fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from setting the fc-fsprivate pointer to NULL in ntfsfillsuper without releasing the memory it points...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid potential buffer over-reading in parseapplysbmountoptions. Unlike other strings in the ext4 superblock, we rely on tune2fs to ensure that smountopts is terminated with NUL. Harden parseapplysbmountoptions by treating...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed string copying in parseapplysbmountoptions. The strnlen function cannot be used to copy a non-NUL-terminated string into a NUL-terminated string of possibly larger size. Commit 0efc5990bca5 “string.h: Introduce memtos...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: A memory leak in the smb3fscontextParseParam error path has been fixed. Proper cleanup of ctx-source and fc-source was added to the cifsParseMountErr error handler. This ensures that the memory allocated for the source...