139 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the potential use of a null pointer in destroyworkqueue within the error path of initcifs. Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 initcifs Error: We previously assumed th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “smack”: fixed a bug where an unprivileged task could create labels. If an unprivileged task is allowed to relabel itself "/smack/relabel-self is not empty", it can freely create new labels by writing their names into its own...
CVE-2025-71304
A flaw was found in the Linux kernel's Smack module. A local user with privileges to modify Smack's Domain of Interpretation DOI values could cause a denial of service. By writing a previously used DOI value to /smack/doi, networking for non-ambient labels becomes disabled. This prevents network...
SUSE CVE-2025-71304
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
EUVD-2025-209968
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
CVE-2025-71304
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
UBUNTU-CVE-2025-71304
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
CVE-2025-71304
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
CVE-2025-71304 smack: /smack/doi: accept previously used values
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
CVE-2025-71304
CVE-2025-71304 — Linux kernel Smack DOI handling : The issue arises when writing to /smack/doi with a value previously used, which can disable networking for non-ambient labels. This can lead to privilege escalation, DoS, or information leaks. Debian/RootOS OSV notes indicate patches exist (e.g.,...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from writing values from the /smack/doi module. By writing values that have been previously used, it is...
PT-2026-43687
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Smack access control module where writing a previously used value to the '/smack/doi' endpoint disables networking for non-ambient labels. This occurs because the...
CVE-2025-71304
smack: /smack/doi: accept previously used values...
Linux Distros Unpatched Vulnerability : CVE-2025-71304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: LSM: General protection fault in legacyparseparam The usual LSM hook mechanism of “bailing on failure” doesn’t work in cases where a security module may return an error code indicating that it doesn’t recognize an input. In this...
io.github.epi155:promethium-pgp-jdk5 (=0.5-B1), io.github.hWorblehat:nexus3-external-auth-plugin (=0.1.0) +220 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15to18 (>=1.65 <=1.82)
org.bouncycastle:bcpg-jdk15to18 MAVEN version =1.65, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-beta3, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.10.0 and more Source cves: CVE-2026-3505 Source advisory:...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992736)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992736 advisory. In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4...
smack: fix bug: unprivileged task can create labels
...
SUSE CVE-2025-68733
In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself /smack/relabel-self is not empty, it can freely create new labels by writing their names into own /proc/PID/attr/smack/curre...
EUVD-2025-205064
In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself /smack/relabel-self is not empty, it can freely create new labels by writing their names into own /proc/PID/attr/smack/curre...