113 matches found
CVE-2026-52962
A flaw was found in the Linux kernel, specifically within the Ceph file system's extended attribute handling. A buffer leak occurs in the cephsetxattr function because a previously allocated buffer oldblob is not properly released. This can lead to resource exhaustion over time, potentially causi...
SUSE CVE-2026-52962
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
Linux Distros Unpatched Vulnerability : CVE-2026-52962
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the...
EUVD-2026-38830
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52962
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52962
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52962
The CVE refers to the Linux kernel Ceph driver: in __ceph_setxattr(), old_blob can retain ci->i_xattrs.prealloc_blob during a retry, and ceph_buffer_put() is not called for the old_blob, causing a buffer leak. A patch fixes this leak. Connected SUSE advisories (OSV entries) confirm this CVE (C...
CVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr()
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
PT-2026-51856
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer leak occurs in the ceph module within the ceph setxattr function. During a retry operation, the old blob variable can store the value of ci-i xattrs.prealloc blob, but the ceph...
Astra Linux – Vulnerability in linux-astra-modules-5.4, linux-astra-modules-5.10
The vulnerability of the parsechooksetxattr function in the Linux kernel-module astra-modules is related to the lack of checking for the returned value. Exploiting this vulnerability allows a perpetrator to cause a service failure...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an inode leak in ext4xattrinodecreate, which occurs on an error path. There is a issue when using setxattr with a fault injection: localhost fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 12-Sep-2022 Pass 1: Checking...
CVE-2026-43187
A flaw was found in the Linux kernel's XFS filesystem. Incorrect handling of freemap entries when deleting attribute leaf freemap entries can lead to a situation where zero-length freemap entries with a non-zero base are left behind. Subsequent setxattr operations can cause these entries to overl...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46695)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46695 advisory. - In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001122)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001122 advisory. In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004417)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004417 advisory. In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000755)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000755 advisory. The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003339)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003339 advisory. The simplesetacl function in fs/posixacl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allow...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002742)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002742 advisory. In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002553)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002553 advisory. In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003254)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003254 advisory. The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by...