Lucene search
K

742 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 4:15 p.m.8 views

CVE-2026-52961

A flaw was found in the Linux kernel's Ceph filesystem component. A race condition exists in the cephbuildxattrsblob function where the required extended attribute xattr blob size is computed before the buildxattrs call. During this window, another process can update the xattr blob, leading to a...

5.5CVSS5.7AI score0.00198EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.4 views

CVE-2026-53041

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

7.1CVSS0.00126EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 4:29 p.m.4 views

EUVD-2026-38909

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

6AI score0.00126EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51935

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the listxattr function can return a size larger than the caller's buffer. This occurs when an OCFS2 inode contains both inline and...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51856

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer leak occurs in the ceph module within the ceph setxattr function. During a retry operation, the old blob variable can store the value of ci-i xattrs.prealloc blob, but the ceph...

6.1AI score0.00184EPSS
Exploits0References17
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Mitigated the risk of underflow of the EA inode refcount during xattr updates. Syzkaller identified a path in ext4xattrinodeupdateref where the refcount of EA inodes is checked, and if it is already ref underflow:...

6.6AI score0.00188EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In f2fssetxattr in fs/f2fs/xattr.c in the Linux kernel, as of version 5.15.11, there is a potential for out-of-bounds memory access when an inode has an invalid last xattr entry...

7.8CVSS6.3AI score0.00549EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a task that was stuck in ext4xattrdeleteinode. Syzbot reported a problem with stuck tasks: ================================================================== INFO: Task syz-executor232:5073 is blocked for more than...

5.5CVSS6.2AI score0.00167EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an out-of-bound read in ext4xattrinodedecrefall. The issue is as follows: BUG: KASAN: Use-after-free in ext4xattr inodedecrefall+0x6ff/0x790. A read of size 4 was performed at address ffff88807b003000 by the task...

7.1CVSS6.3AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed races between xattrset|get and listxattr operations. Some issues may occur when performing concurrent xattrset|get and listxattr operations, such as assertion failures, memory corruption, and stale xattr values1. The...

5.5CVSS5.8AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid out-of-bounds access when the system.data function calls xattr to modify xattrs under the filesystem. When searching for an entry in an inline directory, if the evalueoffs parameter is changed under the filesystem due...

7.8CVSS6.3AI score0.00245EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix deadlock due to corruption of mbcache entries When manipulating xattr blocks, a deadlock can occur due to infinite loops within ext4xattrblockset. In this process, we continuously try to reuse xattr blocks for mbcache,...

5.8AI score0.00211EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/11 1:41 a.m.6 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: The fdput function is missing in the fremovexattr error path. In the Linux kernel, the fremovexattr system call calls fdget to obtain a file reference, but returns early without calling fdput when strncpyfromuser fails...

5.5CVSS5.6AI score0.0021EPSS
Exploits1References2
CloudLinux
CloudLinux
added 2026/05/30 10:23 a.m.11 views

rsync: Fix of CVE-2026-41035

CVE-2026-41035: fix use-after-free in receivexattr by using tempxattr.count instead of the stale count in qsort...

7.8CVSS5.5AI score0.00393EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.11 views

RockyLinux 8 : kernel-rt (RLSA-2026:21745)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21745 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

9.4CVSS6AI score0.00514EPSS
Exploits0References37
OSV
OSV
added 2026/05/29 2:28 p.m.4 views

CLSA-2026-1780062671 Fix CVE(s): CVE-2026-41035

SECURITY UPDATE: receiver use-after-free in receivexattr via a wire-supplied xattr count passed to qsort: - debian/patches/els/0007-CVE-2026-41035.patch: sort tempxattr.count stored items instead of the untrusted wire count. - CVE-2026-41035...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 11:39 a.m.5 views

CLSA-2026-1780054763 Fix CVE(s): CVE-2026-41035

SECURITY UPDATE: use-after-free in receivexattr - debian/patches/CVE-2026-41035.patch: replace stale local 'count' with tempxattr.count in the qsort call inside receivexattr, so the sort uses the live size of the rebuilt xattr items list; victim must run rsync with -X / --xattrs - CVE-2026-41035...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 11:40 a.m.7 views

SUSE-SU-2026:21841-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2024-14027: xattr: switch to CLASSfd bsc1259420. - CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when...

9.8CVSS6.6AI score0.0138EPSS
Exploits19References455
RedHat Linux
RedHat Linux
added 2026/05/28 8:47 a.m.16 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS
Exploits0References5
Rows per page
Query Builder