13 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Cancel dqisyncwork before freeing oinfo. The ocfs2globalreadinfo function will initialize and schedule dqisyncwork at the end. If an error occurs after successfully reading the global quota, the following warning will be...
EUVD-2022-55129
Malicious code in bioql PyPI...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2025-1520)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cifs: Fix UAF in cifsdemultiplexthread.CVE-2023-52572 xsk: fix OOB map writes when deleting elementsCVE-2024-56614 net: defer final 'struct net'...
Linux Distros Unpatched Vulnerability : CVE-2024-26878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquotfreeinode quotaoff dropdquotref removedquotref dquots =...
UBUNTU-CVE-2024-57892
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqipriv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quotagetnextquota. Specifically, sbdqinfosb,...
kernel: quota: Fix potential NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquotfreeinode quotaoff dropdquotref removedquotref dquots = idquotinode dquots = idquotinode srcureadlock dquotscnt != NULL 1...
CVE-2024-26878
In CVE-2024-26878, the Linux kernel quota NULL pointer dereference is addressed: a race between dquot_free_inode (or related) and quota_off can dereference an inode quota pointer after it is nulled. The fix uses a temporary pointer to prevent the use-after-free: if inode quota pointers are access...
Default credentials
When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming th...
SUSE CVE-2019-15538
An issue was discovered in xfssetattrnonsize in fs/xfs/xfsiops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfssetattrnonsize is failing to unlock the ILOCK after the xfsqmvopchownreserve call fails. This is primarily a local...
GSD-2023-1001526 ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: init quota for 'old.inode' in 'ext4rename' This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
Design/Logic Flaw
In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...
Citrix Profile Management: VHDX-based Outlook cache and Outlook search index on a user basis.
Feature Description To address two Outlook-related performance issues in Profile Management, version 7.18 introduced a new user-based Outlook search index database, stored as a VHDX file. In addition, the Outlook cache .OST file can also be stored as a VHDX file. Note: Profile Management provides...
MeltingIce File System <= 1.0 - Remote Arbitrary Add-User Exploit
No description provided by source. !/usr/bin/perl use strict; use LWP::UserAgent; NOTE: user a pretty uniqe username, has the script will say successfull if a username aready existed! NOTE: exploit is mainly to get a nice quota, but it can also to be used to add a user primeraly because alot of...