4210 matches found
CVE-2026-22987 net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action pointer, leading to an invalid...
CVE-2026-22987
CVE-2026-22987 concerns the Linux kernel net/sched subsystem. The issue arises when tcf_idrinfo_destroy() can pass an ERR_PTR(-EBUSY) as a tc_action pointer during netns teardown, leading to a dereference of an error pointer in tc_act_in_hw(). The fix adds a guard to skip ERR_PTR entries while it...
Linux Distros Unpatched Vulnerability : CVE-2026-22987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.4 security update
Important: Red Hat OpenShift GitOps v1.17.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8231 CVE-2025-47913 openshift-gitops-1/argocd-agent-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.3 security update
Important: Red Hat OpenShift GitOps v1.18.3 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8239 CVE-2025-47913 openshift-gitops-1/gitops-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS gitops-1.1...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56658)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56658 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56635)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56635 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21858)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21858 advisory. - In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-44991)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44991 advisory. - In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38498)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38498 advisory. - In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37922)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37922 advisory. - In the Linux kernel, the following vulnerability has been resolved: book3s64/radix : Align section vmemmap...
CVE-2026-22822
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, ha...
CVE-2026-22822 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, ha...
CVE-2026-22822
CVE-2026-22822 affects the External Secrets Operator. The root issue is the getSecretKey templating function, which in versions starting from 0.20.2 and prior to 1.2.0 allowed cross‑namespace retrieval of secrets via the controller’s roleBinding, bypassing safeguards. This could lead to unauthori...
External Secrets Security Vulnerabilities
External Secrets is an open-source Kubernetes-related application developed by External Secrets. There were security vulnerabilities in versions 0.20.2 to 1.2.0 of External Secrets. These vulnerabilities stemmed from the getSecretKey template function, which allowed access to secrets across...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the getSecretKey function. An attacker can gain unauthorized access to secrets across namespaces by exploiting the function's ability to bypass security mechanisms and retrieve secrets using elevated...
External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
Summary The getSecretKey template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...
GHSA-77V3-R3JW-J2V2 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
Summary The getSecretKey template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...