kernel: ext4: only dirty folios when data journaling regular files

In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:...

kernel: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails

In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...

CVE-2025-64507

An issue in Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be systems...

USN-7865-1 linux-fips vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

Node.js: FS Permissions Bypass

A flaw was discovered in Node.js's Permissions model that allowed attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory could escape the allowed path a...

netfs: Fix missing xas_retry() calls in xarray iteration

...

AZL-69799 CVE-2025-64433 affecting package kubevirt for versions less than 1.5.3-2

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

EUVD-2025-37940

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

USN-7835-5: Linux kernel (Oracle) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990608 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with...

youki 安全漏洞

youki is a youki open source implementation of the OCI runtime specification in Rust. A security vulnerability exists in youki version 0.5.6 and earlier, which stems from insufficient validation of the write target by the apparmor handler, which in combination with path substitution during pathna...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990472)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990472 advisory. In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sbbread with pointerslock held syzbot is reporting sleep in atomic context in Sy...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990582)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990582 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...

EUVD-2025-37938

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...

GHSA-VF95-55W6-QMRF youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Impact youki’s apparmor handling performs insufficiently strict write-target validation, which—combined with path substitution during pathname resolution—can allow writes to unintended procfs locations. Weak write-target check youki only verifies that the destination lies somewhere under procfs. ...

UBUNTU-CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

[SECURITY] Fedora 43 Update: python-rignore-0.7.1-1.fc43

rignore is a Python module that provides a high-performance, Rust-powered file system traversal functionality. It wraps the Rust ignore crate using PyO3, offering an efficient way to walk through directories while respecting various ignore rules...