376 matches found
CVE-2025-38499
CVE-2025-38499 affects the Linux kernel. The issue arises in clone_private_mnt() where CAP_SYS_ADMIN is checked in the wrong user namespace, potentially allowing a local attacker with low privileges to influence mount handling and affect availability. The referenced advisories show this CVE is tr...
CVE-2025-38499 clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns. What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from clone_private_mnt() not validating the CAP_SYS_ADMIN privilege in the user's namespace, which could lead to elevat...
Linux Distros Unpatched Vulnerability : CVE-2019-15793
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group id...
SUSE CVE-2025-38247
In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2). Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr() does not change that. As the result, we can end up leaking...
CVE-2025-38247
CVE-2025-38247 concerns the Linux kernel: a leak of user namespaces and possibly mnt_idmap in open_tree_attr(2) due to not releasing ->mnt_userns after a positive result from want_mount_setattr(). The root cause is that finish_mount_kattr() must release the namespace, and if do_mount_setattr()...
CVE-2025-38247
In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2). Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr() does not change that. As the result, we can end up leaking...
CVE-2025-38247 userns and mnt_idmap leak in open_tree_attr(2)
In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2). Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr() does not change that. As the result, we can end up leaking...
PT-2025-28875 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to userns and mnt_idmap leaks within the open_tree_attr(2) function. Specifically, a failure in do_mount_setattr() does not release the mnt_userns...
Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
The Qualys Threat Research Unit (TRU) recently disclosed three security bypasses in Ubuntu's unprivileged user namespace restrictions. Qualys responsibly disclosed these vulnerabilities to the Ubuntu Security Team on January 15, 2025, and has been working with Ubuntu since then. Qualys TRU uncovere...
Linux Distros Unpatched Vulnerability : CVE-2023-25809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes...
Linux Distros Unpatched Vulnerability : CVE-2015-4177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted,...
Astra Linux - vulnerability in libpod
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
PT-2025-32554
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The clone_private_mnt() function did not properly verify that the caller has CAP_SYS_ADMIN privileges within the correct user namespace. This could potentially allow exposure of hidden...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2024-1086 For learning purpose. Refer: - https://pwning...
Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...