26 matches found
EUVD-2026-40971
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...
PT-2026-52331
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A side-channel issue exists where an unprivileged application can attach a filter to TCP sockets to leak TCP sequence and acknowledgment numbers. This is achieved through the use of SO...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: requires CAPNETADMIN to attach NGSM0710 ldisc. Any unprivileged user can attach to NGSM0710 ldisc, but it still requires CAPNETADMIN to create a GSM network. Additionally, it requires the initial namespace setting of...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001399)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001399 advisory. A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local attacker with a...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000695)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000695 advisory. The tipcmsgbuild function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002381)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002381 advisory. The fib6add function in net/ipv6/ip6fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a deni...
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
...
CVE-2025-38499
In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...
kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, potentially leadi...
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAPNETADMIN capability could use this...
kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash or potentially...
DEBIAN-CVE-2023-3610
A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFTMSGNEWRULE. The vulnerability requires CAPNETADMIN to be triggered...
SUSE CVE-2014-1874
The securitycontexttosidcore function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service system crash by leveraging the CAPMACADMIN capability to set a zero-length security context...
AZL-9240 CVE-2022-0494 affecting package kernel for versions less than 5.15.37.1-2
A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege CAPSYSADMIN or CAPSYSRAWIO to create issues with confidentiality...
kernel: fs_context: heap overflow in legacy parameter handling
A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...
DEBIAN-CVE-2021-42008
The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAPNETADMIN capability can lead to root access...
PT-2021-7360 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.13 Description: The issue is related to a slab out-of-bounds write in the decode data function of the drivers/net/hamradio/6pack.c component in the Linux kernel. This can be exploited to gain access to...
kernel: netfilter: use-after-free in the packet processing context
A use-after-free flaw was found in the packet processing context in net/netfilter/xtables.c in netfilter in the Linux Kernel. This issue occurs when the per-CPU sequence count is mishandled during concurrent iptables rules replacement and can be exploited with the CAPNETADMIN capability in an...
CVE-2017-17449
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
kernel: net: Out of bounds stack read in memcpy_fromiovec
A flaw was found in the Linux networking subsystem where a local attacker with CAPNETADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto...