GHSA-W573-9FFJ-6FF9 Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has cmsglen = CMSGLEN8 = 24, which fits exactly with no MSGCTRUNC, so the kernel installs both fds in the receiving process. The subsequent che...

Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has cmsglen = CMSGLEN8 = 24, which fits exactly with no MSGCTRUNC, so the kernel installs both fds in the receiving process. The subsequent che...

JLSEC-2026-606

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-44477

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

CVE-2026-44477 CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

CloudNativePG 代码问题漏洞

CloudNativePG is an open-source platform developed by CloudNativePG for managing the entire lifecycle of PostgreSQL databases on Kubernetes. Versions of CloudNativePG prior to 1.29.1 and 1.28.3 contained code vulnerabilities. These vulnerabilities stemmed from the metric exporter using the pod’s...

CVE-2026-41054

A flaw was found in haveged. The sockethandler function, responsible for handling connections to the abstract UNIX socket, incorrectly proceeds with execution even after detecting that a connecting user is not root. This oversight allows a local unprivileged user to bypass security checks and...

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

UBUNTU-CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

EUVD-2026-31076

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

CVE-2026-41054

CVE-2026-41054 affects haveged. In haveged’s source havegecmd.c, socket_handler checks the caller via an abstract UNIX socket and returns a negative acknowledgment for non-root users, but execution is not halted, enabling a local unprivileged user to reach privileged actions (e.g., MAGIC_CHROOT)....

CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

Astra Linux - уязвимость в linux-5.10, linux-6.1

A use-after-free flaw was discovered in the Linux kernel due to a race condition in the unix garbage collector’s deletion of SKB races involving the unixstreamread generic function on the socket onto which the SKB is queued...

Astra Linux - уязвимость в avahi

A flaw was discovered in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not handled correctly in the clientwork function, allowing a local attacker to trigger an infinite loop. The most significant threat from this...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: afunix: The stale u-oobskb was cleared. syzkaller started reporting a deadlock of unixgclock after the commit. 4090fa373f0e “afunix: Replace the garbage collection algorithm.”, but it simply exposes a bug that has existed since t...

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....