313 matches found
DEBIAN-CVE-2026-31571
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Unlink NV12 planes earlier unlinknv12plane will clobber parts of the plane state potentially already set up by planeatomiccheck, so we must make sure not to call the two in the wrong order. The problem happens when a...
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dioendiowrite ocfs2unlink takes orphan dir inodelock first and then ipallocsem, while in ocfs2dioendiowrite, it acquires these locks in reverse order. This creates an ABBA lock...
EUVD-2026-25491
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dioendiowrite ocfs2unlink takes orphan dir inodelock first and then ipallocsem, while in ocfs2dioendiowrite, it acquires these locks in reverse order. This creates an ABBA lock...
CVE-2026-31598
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dioendiowrite ocfs2unlink takes orphan dir inodelock first and then ipallocsem, while in ocfs2dioendiowrite, it acquires these locks in reverse order. This creates an ABBA lock...
CVE-2026-31598
Summary of CVE-2026-31598 (ocfs2 deadlock) : In the Linux kernel OCFS2, a potential deadlock arises from ABBA lock ordering between unlink and dio_end_io_write. The path in unlink acquires inode_lock (orphan_dir_inode) before ip_alloc_sem, while dio_end_io_write acquires ip_alloc_sem first, then ...
CVE-2026-31598
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dioendiowrite ocfs2unlink takes orphan dir inodelock first and then ipallocsem, while in ocfs2dioendiowrite, it acquires these locks in reverse order. This creates an ABBA lock...
CVE-2026-31571
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Unlink NV12 planes earlier unlinknv12plane will clobber parts of the plane state potentially already set up by planeatomiccheck, so we must make sure not to call the two in the wrong order. The problem happens when a...
Linux Distros Unpatched Vulnerability : CVE-2026-31571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915: Unlink NV12 planes earlier unlinknv12plane will clobber parts of the plane state potentially already set up by planeatomiccheck, so we must make sure...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from inconsistent lock order between the unlink operation of the ocfs2 file system and the dioendiowrite...
PT-2026-34950
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the ocfs2 module due to an ABBA lock ordering violation between the ocfs2 unlink and ocfs2 dio end io write functions. The ocfs2 unlink function acquires the orph...
CVE-2026-35355
The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the OEXCL flag. A local attacker can exploit t...
CVE-2026-31511
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmtaddadvpatternsmonitorcomplete This fixes the condition checking so mgmtpendingvalid is executed whenever status != -ECANCELED otherwise calling mgmtpendingfreecmd would kfreecmd withou...
PT-2026-34491
The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the O EXCL flag. A local attacker can exploit...
CVE-2026-41058
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...
CVE-2026-41058
WWBN AVideo (open source video platform) is affected in versions 29.0 and below by an incomplete fix for a path-traversal issue in the CloneSite deleteDump parameter. The vulnerability allows an attacker to cause unlink() of arbitrary files via GET parameter ../../ sequences due to missing path-t...
EUVD-2026-23935
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...
CVE-2026-33631
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ESEVENTTYPEAUTHOPEN events. Seven additional file...
CVE-2026-33631 ClearanceKit: opfilter policy bypass via non-open file operations
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ESEVENTTYPEAUTHOPEN events. Seven additional file...
CVE-2026-33631
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ESEVENTTYPEAUTHOPEN events. Seven additional file...
netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
...