Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent division by zero This issue prevents division by zero when monitoring is not enabled...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fixed an SError in ufshcdrtcwork during UFS suspend. In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work. However, this function is called after ufshcdvopssuspendhba, pmop, POSTCHANGE...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sc8180x: Mark CO0 BCM as keepalive. The CO0 BCM needs to remain active at all times. Otherwise, some hardware such as the UFS controller will lose its connection to the rest of the SoC, resulting in a system...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value After the DME Link startup, the error return value is set to the MIPI UniPro GenericErrorCode, which can be either 0 SUCCESS or 1 FAILURE. During a driver probe, an error code...

CVE-2026-42442

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

CVE-2026-42445

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

EUVD-2026-29793

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

CVE-2026-44215 NanaZip: Heap out-of-bounds write in NanaZip UFS directory parser

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

CVE-2026-44215

Summary: NanaZip versions 5.0.1252.0 through before 6.0.1698.0 contain a bug in the UFS/UFS2 filesystem image parser that allows a one-byte heap out-of-bounds null write when opening a crafted UFS image. Vulnerability details: attacker-controlled byte offset within a ~254-byte window past the hea...

CVE-2026-42445 NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

CVE-2026-42445

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

CVE-2026-42445

NanaZip 5.0.1252.0–before 6.0.1698.0 contains an uncontrolled recursion vulnerability in the UFS/UFS2 filesystem image parser. The function GetAllPaths recurses into subdirectories without a depth limit or visited-inode tracking, allowing a crafted UFS image with a very deep directory tree or an ...

EUVD-2026-29788

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

CVE-2026-42443 NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

CVE-2026-42442

Summary: CVE-2026-42442 affects NanaZip, an open source file archive, in versions 5.0.1252.0 through before 6.0.1698.0. A null‑pointer dereference occurs in the UFS/UFS2 filesystem image parser when opening a crafted UFS image whose root inode (inode 2) is set to IFLNK (symlink) instead of IFDIR ...

CVE-2026-42442

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

CVE-2026-42442 NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

PT-2026-40361

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

CVE-2026-43415

A flaw was found in the Linux kernel's Universal Flash Storage UFS host controller driver scsi: ufs: core. A race condition exists during the UFS suspend process, where a timing issue can cause critical operations to execute out of sequence. This can lead to an Asynchronous SError Interrupt and a...