2 matches found
CVE-2026-39243
The CVE affects decompress prior to 4.2.2. A hardlink entry (type 'link') with an absolute linkname is passed to fs.link() during extraction without validation, enabling an attacker to create a hardlink inside the extraction directory that points to an arbitrary file on the same filesystem. This ...
PT-2024-8531
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a use-after-free vulnerability in the btrfs file system. It can be triggered when mounting btrfs from two images with the same fsid and different dev uuids in a...