jffs2: check that raw node were preallocated before writing summary

...

CVE-2025-38328

CVE-2025-38328 concerns the Linux kernel JFFS2 subsystem. The issue arises from insufficient validation after jffs2_prealloc_raw_node_refs() completion, allowing a null pointer dereference in jffs2_link_node_ref and leading to a local, attacker-controlled disruption as described by the Syzkaller ...

DEBIAN-CVE-2025-38194

In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2linknoderef, caused by fault injection in jffs2preallocrawnoderefs. jffs2sumwritesumnode doesn't check return value of...

CVE-2025-38194 jffs2: check that raw node were preallocated before writing summary

In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2linknoderef, caused by fault injection in jffs2preallocrawnoderefs. jffs2sumwritesumnode doesn't check return value of...

go -- archive/zip: overflow in preallocation check can cause OOM panic

The Go project reports: An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is...