1101 matches found
DEBIAN-CVE-2025-21864
In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst. Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...
DEBIAN-CVE-2025-21865
In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Brad Spengler reported the list_del() corruption splat in gtp_net_exit_batch_rtnl(). [0] Commit eb28fd76c0a0 ("gtp: Destroy device along with udp socket's netns dismantle.") added th...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to release the secpath in a timely manner when deleting network namespaces, which could lead to...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds write vulnerability that stems from multiple calls to dellink when deleting network namespaces, resulting in a corrupted list. Th...
Linux Distros Unpatched Vulnerability : CVE-2024-54680
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix TCP timers deadlock after rmmod Commit ef7134c7fc48 smb: client: Fix...
Linux Distros Unpatched Vulnerability : CVE-2019-20794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and...
Linux Distros Unpatched Vulnerability : CVE-2017-1000111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that...
CVE-2022-49183
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones. When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference to the old ct entry. That's because tcf_ct_skb_nfct_cached() returns fals...
CVE-2022-49183
CVE-2022-49183: Linux kernel net/sched act_ct had a ref-leak when switching zones or network namespaces without a ct clear, leaking the old ct entry due to tcf_ct_skb_nfct_cached() returning false. The fix is to free the ct entry at tcf_ct_skb_nfct_cached() since the ct entry is not reusable. Con...
CVE-2022-49183 net/sched: act_ct: fix ref leak when switching zones
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones. When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference to the old ct entry. That's because tcf_ct_skb_nfct_cached() returns fals...
UBUNTU-CVE-2025-0937
Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...
Important: Red Hat Security Advisory: Gatekeeper v3.15.3
Gatekeeper v3.15.3 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent (OPA). Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes subscription. Red Hat Produ...
Important: Red Hat Security Advisory: Gatekeeper v3.14.3
Gatekeeper v3.14.3 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent (OPA). Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes subscription. Red Hat Produ...
HashiCorp Nomad security vulnerability
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from the US-based HashiCorp Inc. for managing containerized and non-containerized applications at scale, both locally and in the cloud. HashiCorp Nomad suffers from a security vulnerability that stems from the fact that Nomad eve...
DEBIAN-CVE-2025-21678
In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtp_newlink() links the device to a list in dev_net(dev) instead of src_net, where a udp tunnel socket is created. Even when src_net is removed, the device stays alive on...
Argo CD security vulnerability
Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. A security vulnerability exists in Argo CD that stems from the fact that the openshift.io/cluster-monitoring tag is automatically applied to all namespaces where ArgoCD CR instances are deployed, allowing t...
SUSE CVE-2025-21659
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace. The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the very least NAPI...
CVE-2025-21659 netdev: prevent accessing NAPI instances from another namespace
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace. The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the very least NAPI...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a NAPI instance in the netdev module that does not properly handle namespaces. This could lead to cross-namespac...
MGASA-2025-0004 Updated opencontainers-runc packages fix security vulnerability
runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing...