63 matches found
CLSA-2026-1779467653 libssh: Fix of 4 CVEs
CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekeyfromfile path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...
SUSE CVE-2026-43268
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...
CVE-2026-43268
A flaw was found in the HFS Plus hfsplus filesystem within the Linux kernel. This vulnerability occurs because the hfsplus filesystem incorrectly identifies certain special filesystem objects as regular files. This misclassification can lead to inconsistencies with how the operating system's...
EUVD-2026-27663
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...
CVE-2026-43268
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...
CVE-2026-43268
Summary: CVE-2026-43268 concerns the Linux kernel where the hfsplus filesystem may incorrectly treat certain special inodes as regular files. The root cause is a mismatch in inode type handling for VFS operations after the may_open() adjustment, causing some inodes not to be treated as their true...
CVE-2026-43268
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...
CVE-2026-43268
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...
CVE-2026-43268 hfsplus: pretend special inodes as regular files
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...
PT-2026-37608
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the hfsplus file system where special inodes are not correctly identified. Following a change in the virtual file system VFS that requires inodes to be one of several...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Only dirty folio entries are marked when regular files are journaled. fstest generic/388 occasionally causes a crash that appears as follows: BUG: The kernel dereferes a NULL pointer. Address: 0000000000000000 Call Trace:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for file systems will collapse the THP for files that are opened in read-only mode and mapped with VMEXEC. The intended use case is to avoid TLB misses f...
CVE-2026-35358
The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...
uutils coreutils Uses Incorrectly-Resolved Name or Reference
The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...
uutils coreutils has an Unchecked Return Value Issue
The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...
GHSA-RX8H-33GR-VHJ9 uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...
EUVD-2026-24998
The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...
GHSA-67HP-F6HQ-2H6G uutils coreutils Uses Incorrectly-Resolved Name or Reference
The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...
CVE-2026-35358
The CVE concerns the cp utility in the uutils coreutils project. When performing recursive copies (-R), it mishandles character and block device nodes by treating them as regular stream sources instead of preserving device semantics. The implementation reads bytes into destination regular files r...
CVE-2026-35358
The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...