196 matches found
EUVD-2026-35415
In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb "9p: convert to the new mount API", v9fsapplyoptions applies parsed mount flags with |= onto flags already set by v9fssessioninit. For 9P2000.L,...
CVE-2026-52906
In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb "9p: convert to the new mount API", v9fsapplyoptions applies parsed mount flags with |= onto flags already set by v9fssessioninit. For 9P2000.L,...
PT-2026-47792
In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb "9p: convert to the new mount API", v9fs apply options applies parsed mount flags with |= onto flags already set by v9fs session init. For 9P2000....
Linux Distros Unpatched Vulnerability : CVE-2025-71312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate...
CVE-2026-41013
CVE-2026-41013 describes an input validation bypass in the SMB volume mount handling of CloudFoundry Foundation’s diego-release. The vulnerability allows a low-privileged CF space developer to inject arbitrary kernel CIFS mount options by bypassing the mount-option allowlist, enabling privilege e...
CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
PT-2026-45516
Name of the Vulnerable Software and Affected Versions smb-volume-release versions prior to v3.60.0 CF Deployment versions prior to v56.0.0 Description An input validation bypass exists in the SMB volume mount handling within CloudFoundry Foundation diego-release. This allows a low-privileged CF...
CloudFoundry CF Deployment security vulnerabilities
CloudFoundry CF Deployment is a code deployment component of the CloudFoundry Foundation. There is a security vulnerability in CloudFoundry CF Deployment, which stems from a bypass of input validation during SMB volume mounting processes. This vulnerability could allow developers with low...
CVE-2026-41013 - Tenant-controlled comma smuggles arbitrary CIFS mount options | Cloud Foundry
HIGH CVSS 3.1 Score: 8.5 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. smb-volume-release – All versions prior to v3.60.0 CF Deployment – All versions prior to v56.0.0 Description Input validation bypass in SMB volume...
SUSE CVE-2025-71312
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...
EUVD-2025-209966
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...
CVE-2025-71312
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...
CVE-2025-71312 fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super()
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...
CVE-2025-71312
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...
CVE-2025-71312
The CVE-2025-71312 entry concerns the Linux kernel ntfs3 mount flow. A leak occurs in ntfs_fill_super() where fc->fs_private is set to NULL without freeing the pointed ntfs_mount_options, causing ntfs_fs_free() to skip freeing that structure and triggering a kmemleak report. The issue is repro...
PT-2026-43694
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs mount options leak in ntfs fill super In ntfs fill super, the fc-fs private pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfs fs free to skip freeing...
CVE-2025-71312
fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from setting the fc-fsprivate pointer to NULL in ntfsfillsuper without releasing the memory it points...