2 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003619)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003619 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in...
kernel: perf_event_open() and execve() race in setuid programs allows a data leak
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...