4211 matches found

OSV
added 2025/11/05 8:55 a.m. | 3 views

CLSA-2025-1762332910 kernel: Fix of 5 CVEs

- ext4: fix possible UAF when remounting r/o a mmp-protected file system CVE-2021-47342
- ext4: fix memory leak in ext4_fill_super
- net: defer final 'struct net' free in netns dismantle CVE-2024-56658
- net/sched: sch_qfq: Fix race condition on qfq_aggregate CVE-2025-38477
- ALSA: usb-audio: Fix an...

CVSS 7.8 | AI score 6.8 | EPSS 0.00049
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989072)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989072 advisory. In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact. Wei Chen reported a NULL deref in sk_user_ns [0][1],...

CVSS 5.5 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990233)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990233 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path. If net_assign_generic fails, the current error pa...

CVSS 7.8 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988896)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988896 advisory. In the Linux kernel, the following vulnerability has been resolved: devlink: fix netns refcount leak in devlink_nl_cmd_reload. While preparing my patch series adding net...

CVSS 5.5 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989897)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989897 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups. Syzbot was able to trigger the followin...

CVSS 5.5 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 4
Github Security Blog
added 2025/11/04 3:43 p.m. | 8 views

MARIN3R: Cross-Namespace Vulnerability in the Operator

Summary: Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces. Affected Versions: All versions prior to v0.13.4. Patched Versions: v0.13.4 and later. Impact: Users with permission to create...

CVSS 8.7 | AI score 6.3 | EPSS 0.00045
Exploits: 0 | References: 6 | Affected Software: 1
Snyk
added 2025/11/04 3:43 p.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the getIssuerCertificate function. An attacker can gain unauthorized access to Secrets in other namespaces by bypassing RBAC restrictions. This is only exploitable if the attacker has permission to create...

CVSS 8.7 | AI score 7 | EPSS 0.00045
Exploits: 0 | References: 2
OSV
added 2025/11/04 3:43 p.m. | 3 views

GHSA-GF93-XCCM-5G6J MARIN3R: Cross-Namespace Vulnerability in the Operator

Summary: Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces. Affected Versions: All versions prior to v0.13.4. Patched Versions: v0.13.4 and later. Impact: Users with permission to create...

CVSS 8.7 | AI score 6.3 | EPSS 0.00045
Exploits: 0 | References: 6
OSV
added 2025/11/04 8:27 a.m. | 3 views

CLSA-2025-1762244848 kernel: Fix of 5 CVEs

- ext4: fix possible UAF when remounting r/o a mmp-protected file system CVE-2021-47342
- ext4: fix memory leak in ext4_fill_super
- net: defer final 'struct net' free in netns dismantle CVE-2024-56658
- net/sched: sch_qfq: Fix race condition on qfq_aggregate CVE-2025-38477
- ALSA: usb-audio: Fix an...

CVSS 7.8 | AI score 6.6 | EPSS 0.00049
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/04 12:0 a.m. | 3 views

PT-2025-45114

Name of the Vulnerable Software and Affected Versions: MARIN3R versions 0.13.3 and below. Description: MARIN3R, a lightweight, CRD based envoy control plane for kubernetes, contains a flaw where a cross-namespace secret access issue exists in the DiscoveryServiceCertificate component. This allows...

CVSS 8.7 | AI score 6.4 | EPSS 0.00045
Exploits: 0 | References: 12
GitLab Advisory Database
added 2025/11/04 12:0 a.m. | 6 views

MARIN3R: Cross-Namespace Vulnerability in the Operator

Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces...

CVSS 8.7 | AI score 6.6 | EPSS 0.00045
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2025/11/03 2:31 p.m. | 4 views

CLSA-2025-1762180294 podman: Fix of CVE-2024-9676

CVE-2024-9676: fix symlink traversal vulnerability in containers/storage library to prevent hanging and denial of service when running malicious images via automatically assigned user namespace...

CVSS 6.5 | AI score 5.8 | EPSS 0.01561
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/03 12:0 a.m. | 3 views

PT-2025-52913

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains an issue where the ns list node for initial namespaces is not always initialized. This can lead to problems with namespace management. Recommendations: At the...

CVSS 7.1 | AI score 6.3 | EPSS 0.00249
Exploits: 1 | References: 213
AstraLinux
added 2025/11/01 10:54 a.m. | 2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ax25: The unshare skbs operation was performed correctly in ax25_kiss_rcv. Bernard Pidoux reported a regression that appeared to be caused by the commit c353e8983e0d “net: introduce per netns packet chains”. This commit introduced ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00017
Exploits: 0 | References: 3
AstraLinux
added 2025/11/01 10:54 a.m. | 1 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: do_change_type: refusal to operate on unmounted/not-of-our-mounts mounts. It is ensured that propagation settings can only be changed for mounts located within the caller’s mount namespace. This change aligns permission checks with...

CVSS 5.5 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 4
AstraLinux
added 2025/11/01 10:54 a.m. | 4 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* before 8.4.10, when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefixes may lead to null pointer dereferencing. This can result in crashes and affect the availability of the target server...

CVSS 5.9 | AI score 7.6 | EPSS 0.00772
Exploits: 1 | References: 3
AstraLinux
added 2025/11/01 10:54 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init fails. The syzbot reported a warning below [1] after a fault injection in nfs_fs_proc_net_init. [0] When nfs_fs_proc_net_init fails, /proc/net/rpc/nfs is not removed. Later, rpc_proc_exit...

CVSS 5.5 | AI score 6.3 | EPSS 0.00063
Exploits: 0 | References: 3
AstraLinux
added 2025/11/01 10:54 a.m. | 3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: xfrm: The interface function xfrmi_changelink may incorrectly place the special interface xi in the xfrmi_net->xfrmi hash. This issue occurs because the check to enforce this behavior is only performed in cases where the xi value is...

CVSS 7.8 | AI score 6.5 | EPSS 0.0007
Exploits: 0 | References: 3
AstraLinux
added 2025/11/01 10:54 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt: Make sure that the caller has CAP_SYS_ADMIN in the correct user namespaces. What we want to ensure is that clone_private_mnt will not expose something hidden by a mount that we wouldn’t be able to undo. “ wouldn’t be...

CVSS 5.5 | AI score 6.5 | EPSS 0.0007
Exploits: 0 | References: 3
Tenable Nessus
added 2025/10/30 12:0 a.m. | 25 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.1)

The version of AHV installed on the remote host is prior to AHV-10.3.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.1 advisory. - A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data...

CVSS 7.8 | AI score 7.3 | EPSS 0.01255
Exploits: 4 | References: 6