12 matches found

CVE
added 2026/02/09 8:17 p.m. · 11 views

CVE-2026-25740

Summary: CVE-2026-25740 describes a local privilege escalation in NixOS where enabling the captive-browser module (programs.captive-browser) allows any user to run arbitrary commands with the CAP_NET_RAW capability in 25.05 and earlier. The underlying issue enables binding to privileged ports an...

CVSS 5.8 · AI score 5.8 · EPSS 0.00007
Exploits 0 · References 3
Cvelist
added 2026/02/09 8:17 p.m. · 23 views

CVE-2026-25740 Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability binding to privileged ports, spoofing localho...

CVSS 5.8 · EPSS 0.00007
Exploits 0 · References 3
Tenable Nessus
added 2026/01/16 12:0 a.m. · 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000592 advisory. Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by...

CVSS 7.8 · AI score 7.1 · EPSS 0.47355
Exploits 16 · References 37
SUSE CVE
added 2023/02/15 4:7 a.m. · 1 views

SUSE CVE-2019-17054

atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c...

CVSS 3.3 · AI score 7.7 · EPSS 0.00099
Exploits 0 · References 4
RedHat Linux
added 2022/11/15 11:55 a.m. · 1 views

kernel: net/packet: slab-out-of-bounds access in packet_recvmsg()

An out-of-bounds access issue was found in the Linux kernel networking subsystem in the way raw packet sockets (AF_PACKET) used PACKET_COPY_THRESH and mmap operations. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or privilege...

CVSS 7.8 · AI score 6.8 · EPSS 0.00052
Exploits 0 · References 4
Positive Technologies
added 2018/03/02 12:0 a.m. · 4 views

PT-2018-10028 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.15.7 Description: The netfilter subsystem in the Linux kernel mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service NULL...

CVSS 10 · AI score 7.3 · EPSS 0.9427
Exploits 102 · References 594
OSV
added 2018/03/02 12:0 a.m. · 0 views

UBUNTU-CVE-2018-1065

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to...

CVSS 4.7 · AI score 6.7 · EPSS 0.00084
Exploits 0 · References 10
BDU FSTEC
added 2017/11/23 12:0 a.m. · 2 views

The vulnerability of the packet_set_ring function in the kernel of Linux operating systems allows an attacker to increase their privileges, cause service failures, or execute arbitrary code.

The vulnerability of the packet_set_ring function in the Linux operating system’s kernel is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, who has local privileges as CAP_NET_RAW, to create PF_PACKET sockets, initiate racing states and memory usage...

CVSS 7.8 · AI score 6.8 · EPSS 0.00056
Exploits 16 · References 36 · Affected Software 2
Positive Technologies
added 2017/08/10 12:0 a.m. · 3 views

PT-2017-3105 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a heap out-of-bounds condition in AF PACKET sockets, similar to a previously disclosed problem. It involves a race condition between a socket option that change...

CVSS 8.8 · AI score 7.5 · EPSS 0.8286
Exploits 78 · References 363
OSV
added 2017/03/29 8:59 p.m. · 1 views

DEBIAN-CVE-2017-7308

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges if the CAP_NET_RAW capability is held...

CVSS 7.8 · AI score 6 · EPSS 0.87
Exploits 17 · References 1
Positive Technologies
added 2016/12/02 12:0 a.m. · 3 views

PT-2016-2922 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.8.12 Description: The issue exists due to insufficient checking of a resource's state when it can be shared, allowing a local attacker to potentially gain privileges or cause a denial of service use-after-free...

CVSS 10 · AI score 7.6 · EPSS 0.47355
Exploits 25 · References 409
RedHat Linux
added 2010/12/08 7:7 p.m. · 3 views

kernel: net/packet/af_packet.c: reading uninitialized stack memory

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures...

CVSS 1.9 · AI score 6.1 · EPSS 0.00058
Exploits 0 · References 4