4211 matches found
CVE-2025-68300 fs/namespace: fix reference leak in grab_requested_mnt_ns
In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra reference...
CVE-2025-68300 fs/namespace: fix reference leak in grab_requested_mnt_ns
In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra reference...
CVE-2025-40355
In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...
UBUNTU-CVE-2025-40355
In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...
Windows Exploitation Techniques: Winning Race Conditions with Path Lookups
Posted by James Forshaw This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFOissue 13 as well as in the second volume of the printed version. In honor of our new blog we’re republishing it on this blog and...
PT-2025-51704
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak exists in the grab requested mnt ns function within the fs/namespace component of the Linux kernel. The lookup mnt ns function already acquires a reference to mnt ns,...
Linux Distros Unpatched Vulnerability : CVE-2025-40355
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 net: sysfs: Implement isvisible for physportid, portname, switchid,...
Linux Distros Unpatched Vulnerability : CVE-2025-68300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra referenc...
ALSA-2025:23241 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns CVE-2025-38499 kernel: iommufd: Fix race during abort for file descriptors CVE-2025-39966 kernel: tls: wait for...
PT-2025-51571
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.1-1-mainline 1...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the processing of ArgoCD Custom Resources. A namespace admin can gain elevated privileges and execute arbitrary workloads with root access on master nodes by crafting malicious custom resources after...
GHSA-PCQX-8QWW-7F4V OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
CVE-2025-13888
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
CVE-2025-13888
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.16.5 security update
Important: Red Hat OpenShift GitOps v1.16.5 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8116 CVE-2024-45338 openshift-gitops-dex-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html gitops-1.17 GITOPS-80...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.3 security update
Important: Red Hat OpenShift GitOps v1.17.3 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8116 CVE-2024-45338 openshift-gitops-dex-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html gitops-1.17 GITOPS-76...
CVE-2025-13888 Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
CVE-2025-13888
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
CVE-2025-13888 Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
CVE-2025-13888
Summary: CVE-2025-13888 affects OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that abuse permissions to obtain elevated rights in other namespaces, enabling privileged workloads on master nodes and potential cluster-wide root access. The issue is corroborated by mult...