Lucene search

516 matches found

RedHat Linux
added 2025/01/27 1:43 a.m., 1 view

redis: possible bypass of Unix socket permissions on startup

A flaw was found in Redis, an in-memory database that persists on disk. On startup, Redis listens on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, anothe...

3.6 CVSS, 7.1 AI score, 0.00444 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2025/01/27 1:43 a.m., 21 views

Important: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS, 7.7 AI score, 0.4292 EPSS
Exploits: 4, References: 7
AlmaLinux
added 2025/01/27 12:0 a.m., 20 views

Important: redis security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

9.8 CVSS, 7.9 AI score, 0.4292 EPSS
Exploits: 4, References: 12
OSV
added 2025/01/27 12:0 a.m., 23 views

ALSA-2025:0693 Important: redis security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

9.8 CVSS, 7.4 AI score, 0.4292 EPSS
Exploits: 4, References: 12
RedHat Linux
added 2025/01/22 10:42 a.m., 2 views

redis: possible bypass of Unix socket permissions on startup

A flaw was found in Redis, an in-memory database that persists on disk. On startup, Redis listens on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, anothe...

3.6 CVSS, 7.1 AI score, 0.00444 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2025/01/01 12:0 a.m., 2 views

PT-2025-51833

Name of the Vulnerable Software and Affected Versions: Dropbear versions 2024.84 through 2025.88. Description: An authenticated user can achieve privilege escalation in Dropbear via Unix domain socket forwardings. Specifically, a user able to log in via SSH can connect to any Unix socket as root,...

5.4 CVSS, 5.3 AI score, 0.00364 EPSS
Exploits: 0, References: 18
RedHat Linux
added 2024/12/05 9:45 p.m., 5 views

redis: possible bypass of Unix socket permissions on startup

A flaw was found in Redis, an in-memory database that persists on disk. On startup, Redis listens on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, anothe...

3.6 CVSS, 7.1 AI score, 0.00444 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2024/12/05 9:45 p.m., 25 views

Moderate: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS, 6.8 AI score, 0.04488 EPSS
Exploits: 1, References: 7
AlmaLinux
added 2024/12/05 12:0 a.m., 18 views

Moderate: redis:7 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

8.8 CVSS, 7.9 AI score, 0.04488 EPSS
Exploits: 1, References: 12
OSV
added 2024/12/05 12:0 a.m., 21 views

ALSA-2024:10869 Moderate: redis:7 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

8.8 CVSS, 6.9 AI score, 0.04488 EPSS
Exploits: 1, References: 12
Vulnrichment
added 2024/12/04 12:0 a.m., 10 views

CVE-2024-54661

readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file...

9.4 AI score, 0.00778 EPSS
Exploits: 0, References: 2
OSV
added 2024/11/21 7:15 p.m., 4 views

AZL-54629 CVE-2024-53091 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx. As the introduction of the support for vsock and unix sockets in sockmap, tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK. vsock and af_unix sockets have...

5.5 CVSS, 6.3 AI score, 0.00221 EPSS
Exploits: 0, References: 1
CVE
added 2024/11/21 6:17 p.m., 163 views

CVE-2024-53091

CVE-2024-53091: The issue in the Linux kernel concerns TLS handling in sockmap with vsock and AF_UNIX sockets. The fix adds an IS_ICSK check to tls_sw_has_ctx_tx/rx because these socket types do not use inet_connection_sock, so tls_get_ctx could otherwise return an invalid pointer and trigger a p...

5.5 CVSS, 7 AI score, 0.00221 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2024/11/06 12:0 a.m., 4 views

PT-2024-35555

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.65. Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the introduction of support for vsock and unix sockets in sockmap, where the function tls_sw_has_ctx_tx/rx cannot...

5.5 CVSS, 5.2 AI score, 0.00221 EPSS
Exploits: 0
OSV
added 2024/10/18 11:9 a.m., 2 views

OESA-2024-2269 redis security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...

8.8 CVSS, 8 AI score, 0.04488 EPSS
Exploits: 1, References: 4
OSV
added 2024/10/18 11:9 a.m., 2 views

OESA-2024-2271 redis security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...

8.8 CVSS, 8 AI score, 0.04488 EPSS
Exploits: 1, References: 4
OSV
added 2024/10/02 12:30 p.m., 2 views

GHSA-FC27-7PF5-96V3 Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8v4w-f4r9-7h6x. This link is maintained to preserve external references. Original Description: Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the...

6.5 CVSS, 7 AI score, 0.00185 EPSS
Exploits: 0, References: 3
CVE
added 2024/10/02 10:12 a.m., 86 views

CVE-2024-8038

Technical details about CVE-2024-8038 are not publicly provided in the connected documents. The sources reference the vulnerability but do not specify affected products/versions, root cause, impact, or fixes. Monitor for updates.

7.9 CVSS, 7.2 AI score, 0.0021 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2024/10/02 10:12 a.m., 11 views

CVE-2024-8038

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks...

7.9 CVSS, 0.0021 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2024/09/16 12:0 a.m., 2 views

The vulnerability of the unix_release_sock/unix_stream_sendmsg function in the af_unix component of the Linux operating system allows an attacker to cause a service failure.

The vulnerability of the unix_release_sock/unix_stream_sendmsg function in the af_unix component is related to concurrent access to resources (race condition). Exploiting this vulnerability could allow an attacker to cause service failures...

4.7 CVSS, 6.7 AI score, 0.00186 EPSS
Exploits: 0, References: 52, Affected Software: 6