DEBIAN-CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

f2fs: ensure node page reads complete before f2fs_put_super() finishes

...

CVE-2025-71107 f2fs: ensure node page reads complete before f2fs_put_super() finishes

In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fsputsuper finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs dm-0: detect filesystem reference count leak during umount, type: 9, count: ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a node page read not ending before f2fsputsuper completes, potentially leading to a file system reference...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990203)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990203 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault The Linux kernel CVE team has assigned CVE-2024-26906 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041746-CVE-2024-26906-bb35@gregk...

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...

CVE-2024-26906 x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...

CVE-2024-26906 x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...

CVE-2024-26906

CVE-2024-26906 : In the Linux kernel, x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault(). A bpf program reading the vsyscall page with bpf_probe_read_kernel() can trigger copy_from_kernel_nofault(), which calls __get_user_asm() and may fault because the vsyscall page is not readab...

PT-2025-8251

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to an infinite loop in the f2fs file system, which can occur when flushing node pages. This loop can be triggered by xfstests/generic/475, resulting in an EIO error...

UBUNTU-CVE-2018-15159

DISPUTED The libesedbpagereadtags function in libesedbpage.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments...

PT-2018-12913 · Libesedb · Libesedb

Name of the Vulnerable Software and Affected Versions: libesedb versions prior to 2018-04-01 Description: The issue allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. This is due to a problem in the libesedb page read values function in libesedb page.c. The...

PT-2018-12914 · Libesedb · Libesedb

Name of the Vulnerable Software and Affected Versions: libesedb versions prior to 2018-04-01 Description: The issue allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. This is due to a problem in the libesedb page read tags function in libesedb page.c. The...