872 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006904)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006904 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Simplify platform device handling Coretemp's platform driver is unconventional. A...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011048)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011048 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, t...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010896)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010896 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhpstateremoveinstancenocalls for hisihns3pmu uninit process When teari...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013144)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013144 advisory. In the Linux kernel, the following vulnerability has been resolved: firmware: armsdei: Fix sleep from invalid context BUG Running a preempt-rt v6.2-rc3-rt1 based...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007023)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007023 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006581)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006581 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Simplify platform device handling Coretemp's platform driver is unconventional. A...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006698)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006698 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006638)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006638 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the...
CVE-2026-30874
A flaw was found in the procd component of OpenWrt. A highly privileged local attacker can bypass environment variable filtering in the hotplugcall function by injecting an arbitrary PATH variable. This vulnerability, caused by an incorrect string comparison, allows the attacker to control which...
CVE-2026-30874
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
EUVD-2026-13378
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
CVE-2026-30874
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
CVE-2026-30874
OpenWrt procd PATH environment variable filter bypass (CVE-2026-30874). In OpenWrt versions prior to 24.10.6, hotplug_call does not exclude PATH due to a strcmp vs strncmp bug, allowing a local attacker to influence which binaries are executed by procd-invoked scripts with elevated privileges, po...
PT-2026-26432
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005555)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005555 advisory. In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and...
AZL-75770 CVE-2026-24054 affecting package kata-containers for versions less than 3.19.1.kata2-3
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
CVE-2026-24054 Kata Containers Runtime: Host block device can be hotplugged to the VM if the container image is malformed or contains no layers
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...