105 matches found
DEBIAN-CVE-2026-53309
In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...
CVE-2026-53040
A flaw was found in the Oracle Cluster File System Release 2 OCFS2 in the Linux kernel. A local attacker with the ability to craft a malicious OCFS2 filesystem could trigger a use-after-free vulnerability. This occurs when the OCFS2IOCINFO ioctl is issued with the OCFS2INFOFLNONCOHERENT flag,...
CVE-2026-53043
A flaw was found in the Linux kernel's Oracle Cluster File System 2 OCFS2 Distributed Lock Manager DLM. A remote attacker could exploit this vulnerability by sending a specially crafted network message. Insufficient validation of the qrnumregions field in the dlmmatchregions function allows for...
CVE-2026-53039
A flaw was found in the OCFS2 Oracle Cluster File System 2 component of the Linux kernel. A local user could exploit an input validation vulnerability in the OCFS2IOCGROUPADD ioctl. This flaw allows an attacker to trigger a kernel panic, resulting in a denial of service DoS for the affected syste...
CVE-2026-53041
A flaw was found in the Linux kernel's Oracle Cluster File System version 2 OCFS2. When an OCFS2 inode has both inline and and block-based extended attributes xattrs, the listxattr function can return a size larger than the caller's buffer. This incorrect size handling can lead to a kernel bug an...
Linux Distros Unpatched Vulnerability : CVE-2026-53041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block- based xattrs, listxattr can return a size larger than the...
CVE-2026-53040 ocfs2: validate bg_bits during freefrag scan
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Relaxing the BUG function to ocfs2error in ocfs2moveextent In ocfs2moveextent, relocating the BUG function to ocfs2error is necessary to avoid causing the entire kernel to crash due to filesystem corruption...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fix for defragmentation path triggering jbd2 assertion. Code paths: - ocfs2ioctlmoveextents - ocfs2moveextents - ocfs2defragextent - ocfs2moveextent - + ocfs2journalaccessdi - + ocfs2splitextent // Sub-path calls...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ocfs2: The ltreedepth field was validated to prevent out-of-bounds access. The ltreedepth field is 16-bit le16, but the actual maximum depth is limited to OCFS2MAXPATHDEPTH. A check was added to prevent out-of-bounds access if th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Clearing the extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This triggers a BUGON i...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: dlmfs: Fixed error handling for userdlmdestroyLock. When userdlmdestroyLock fails, it does not clean up the flags it set before exiting. For the USERLOCKINTEARDOWN condition, if this function fails because the lock is...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Mounting fails due to a buffer overflow in strlen. Starting with kernel 5.11, when building with CONFIGFORTIFYSOURCE, mounting an ocfs2 filesystem using either o2cb or pcmk cluster stack will fail. The issue seems to be th...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Reserving space for inline xattr before attaching the reflink tree. One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Added bounds checking to ocfs2checkdirentry. This adds sanity checks for ocfs2direntry to ensure that all members of ocfs2direntry do not go beyond the valid memory region...
ocfs2: split transactions in dio completion to avoid credit exhaustion
...
CVE-2026-46080
CVE-2026-46080 : In the Linux kernel, the ocfs2 code path is fixed to prevent credit-exhaustion during direct I/O (dio) by splitting transactions in dio completion and batching extent handling. The patch relocates removing inodes from the orphan list until the extent tree update completes, reduci...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper transaction splitting during direct I/O completion in ocfs2, potentially leading to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: Fixed a fget leak when the file system does not support nowait-buffered read operations. Heming reported a bug when using iouring for link-cp operations on ocfs2. 1 The following steps can reproduce this bug: 1. Mount th...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fixed data corruption after a failed write operation. When buffering a write attempt fails and data cannot be copied into the underlying page cache, the ocfs2writeendnolock function simply zeroes out and dirtyens the page...