376 matches found
SUSE CVE-2014-4014
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...
SUSE CVE-2015-4178
The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to...
SUSE CVE-2015-4177
The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system...
SUSE CVE-2015-4176
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory...
SUSE CVE-2015-8709
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor...
SUSE CVE-2018-7169
An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...
SUSE CVE-2020-25039
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution...
SUSE CVE-2021-21284
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can...
SUSE CVE-2021-22555
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...
SUSE CVE-2022-29582
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently...
SUSE CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
CVE-2023-23454
An out-of-bounds (OOB) read problem was found in cbq_classify in net/sched/sch_cbq.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TC_ACT_SHOT condition rather than valid classification results...
PT-2023-33212 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.83. Description: The issue concerns the af_unix component in the Linux Kernel, specifically with how the user_ns is obtained from in_skb in the unix_diag_get_exact function. The actual impact and potential...
PT-2023-33107 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.13. Description: The issue is related to the af_unix component in the Linux Kernel, specifically with how the user_ns is obtained from in_skb in the unix_diag_get_exact function. The actual impact and...
PT-2023-33291 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.159. Description: The issue is related to the af_unix component in the Linux Kernel, specifically with how the user_ns is retrieved from in_skb in the unix_diag_get_exact function. The actual impact and...
PT-2023-33353 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.227. Description: The issue is related to the af_unix component in the Linux Kernel, specifically with how the user_ns is retrieved from in_skb in the unix_diag_get_exact function. The actual impact and...
OPENSUSE-SU-2023:0018-1 Security update for apptainer
This update for apptainer fixes the following issues: Updated to 1.1.2 which fixed CVE-2022-39237 CVE-2022-39237: The sif dependency included in Apptainer before this release does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. This release...
PT-2024-11835 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to a NULL pointer dereference in the sk_user_ns function, which is caused by the newly allocated skb not having sk in the unix_diag_get_exact function. This can le...
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
frozen_string_literal: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation', 'Description' = %q An issue was discovered in the Linux...
The vulnerability in the `nft_set_elem_init` function of the `net/netfilter/nf_tables_api.c` file, belonging to the User Namespace Handler component in the Linux operating system’s kernel, allows a hacker to gain root access.
The vulnerability of the `nft_set_elem_init` function in the `net/netfilter/nf_tables_api.c` file of the User Namespace Handler component in the Linux operating system kernel is caused by a buffer overflow. Exploiting this vulnerability could allow a remote attacker to gain root access...