In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls
The size of the data behind of scontrol->ipc_control_data
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
Extended the `mi_enum_attr()` function interface with an a
In the Linux kernel, the following vulnerability has been resolved:
ceph: avoid kernel BUG for encrypted inode with unaligned file size
The generic/397 test hits a BUG_ON for the case of encrypted i
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
As syzbot reported [1], the root cause is that i_size field i
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix out-of-bounds in parse_sec_desc()
If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd
struct size.
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
smb_direct_prepare_negotiation() casts an unsigned __u32 value
fro
In the Linux kernel, the following vulnerability has been resolved:
jfs: validate AG parameters in dbMount() to prevent crashes
Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch
c
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed
If an NTFS file system is mounted to another system with differen
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
Syzbot reported a null-ptr-deref bug:
ntfs3: loop0: Different NTFS'
In the Linux kernel, the following vulnerability has been resolved:
btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size
On zoned filesystem, data write out is limited by max_zone_appe
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Prevent integer overflow in hdr_first_de()
The "de_off" and "used" variables come from the disk so they both need to
che
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: check return value of indx_find to avoid infinite loop
We found an infinite loop bug in the ntfs3 file system that can
libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.
In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
Send along the already-allocated fattr along with nfs4_fs_location
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a
metada
In the Linux kernel, the following vulnerability has been resolved:
Revert "f2fs: fix to do sanity check on extent cache correctly"
syzbot reports a f2fs bug as below:
UBSAN: array-index-out-of-bou
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: fix integer overflow in run_unpack() volume boundary check
The volume boundary check `lcn + len > sbi->used.bitmap.nbits` u
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix slab-out-of-bounds in hfs_bnode_read()
This patch introduces is_bnode_offset_valid() method that checks
the requested off
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
Initialize the size before calling amdgpu_vce_cs_relo
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat/qat_420xx - fix off by one in uof_get_name()
This is called from uof_get_name_420xx() where "num_objs" is the
ARRAY_SI