35 matches found
SUSE CVE-2026-43075
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock during a copyfilerange splice fallback on a corrupted ocfs2 filesyst...
PT-2026-37385
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in the ocfs2 write end inline function. The issue occurs because ocfs2 try to write inline data relies on the on-disk id count field to determine if a write...
f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
...
CVE-2026-31715
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...
EUVD-2026-26524
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...
CVE-2026-31715
In Linux kernel (f2fs), CVE-2026-31715 is a use-after-free triggered by decrementing sbi->nr_pages[] during F2FS_WB_CP_DATA handling. The root cause is that f2fs_put_super() calls iput(sbi->node_inode) and NULLs the node_inode after the counter reaches zero, allowing f2fs_in_warm_node_list(...
EUVD-2026-26511
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...
CVE-2026-31702
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...
CVE-2026-31702
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of freed memory during the decrementing of sbi-nrpages in f2fswriteendio. This could le...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper order of calls to decpagecount in f2fscompresswriteendio. This could lead to accessi...
PT-2026-36345
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free condition exists in the f2fs component of the Linux kernel. The issue occurs in the f2fs write end io function when sbi-nr pagesF2FS WB CP DATA is decremented to zero...
SUSE CVE-2026-23265
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...
EUVD-2026-12904
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...
CVE-2026-23265
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...
CVE-2026-23265
Summary: CVE-2026-23265 relates to the Linux kernel F2FS filesystem. The issue arises from a faulty sanity check on the node footer during read/end_io paths, leading to an inconsistency between the node page index (nid) and footer.nid. If a node page footer is corrupted (e.g., in a fuzzed image) ...
CVE-2026-23265 f2fs: fix to do sanity check on node footer in {read,write}_end_io
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...
CVE-2026-23265 f2fs: fix to do sanity check on node footer in {read,write}_end_io
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...
SUSE CVE-2026-23234
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fswriteendio As syzbot reported an use-after-free issue in f2fswriteendio. It is caused by below race condition: loop device umount - workerthread - loopprocesswork - doreqfilebacked - lorwaio -...
EUVD-2026-9406
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fswriteendio As syzbot reported an use-after-free issue in f2fswriteendio. It is caused by below race condition: loop device umount - workerthread - loopprocesswork - doreqfilebacked - lorwaio -...