SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP3) (SUSE-SU-2022:2239-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2239-1 advisory. - Integer Overflow or Wraparound vulnerability in iouring of Linux Kernel allows local attacker to cause memory corruption and...

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5500-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5500-1 advisory. Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some...

SUSE SLES15 Security Update : kernel (Live Patch 16 for SLE 15 SP3) (SUSE-SU-2022:2216-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2216-1 advisory. - Integer Overflow or Wraparound vulnerability in iouring of Linux Kernel allows local attacker to cause memory corruption and...

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2172-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2172-1 advisory. - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection...

CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

CVE-2022-32250

A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. Mitigation In order to trigger the issue, it requires the ability to create user/net...

CVE-2022-32250

net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFTSTATEFULEXPR check leads to a use-after-free...

DEBIAN-CVE-2022-32250

net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFTSTATEFULEXPR check leads to a use-after-free...

CVE-2022-32250

net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFTSTATEFULEXPR check leads to a use-after-free...

UBUNTU-CVE-2022-32250

net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFTSTATEFULEXPR check leads to a use-after-free...

CVE-2022-32250

net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFTSTATEFULEXPR check leads to a use-after-free...

PT-2022-2764

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.18.1 Description The issue is related to an incorrect NFT STATEFUL EXPR check in the net/netfilter/nf tables api.c file, leading to a use-after-free condition. This allows a local user, who is able to create...

DEBIAN-CVE-2022-1678

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients...

GHSA-HHPM-74PM-HF35 ingress-nginx component for Kubernetes allows file overwrite

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace ...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-023 (ALASKERNEL-5.4-2022-023)

The version of kernel installed on the remote host is prior to 5.4.181-99.354. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-023 advisory. AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The Lin...

GHSA-6R7X-4Q7G-H83J Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them

In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it...

kernel: cgroup: Use open-time creds and namespace for migration perm checks

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...

kernel: cgroup: Use open-time creds and namespace for migration perm checks

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...

GO-2021-0412 Incorrect authorization in github.com/containerd/imgcrypt

The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function CheckAuthorization is supposed to check whether the current used is...

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1537)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have...