680 matches found
CVE-2023-54013
CVE-2023-54013 concerns the Linux kernel where interconnect locking could deadlock between runpm and memory reclaim. The description notes a fix to decouple ICC locking by introducing a new icc_bw_lock to serialize bandwidth aggregation, separating it from paths that allocate memory (e.g., node/l...
CVE-2025-33225
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tamperi...
UNIX Symbolic Link (Symlink) Following
Overview nvidia-resiliency-ext is a NVIDIA Resiliency Package Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the log aggregation. An attacker can gain elevated privileges, execute arbitrary code, cause service disruption, access sensitive information,...
CVE-2025-33225
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tamperi...
CVE-2025-33225
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tamperi...
EUVD-2025-203813
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tamperi...
NVIDIA Resiliency Extension 安全漏洞
NVIDIA Resiliency Extension is a Python package from NVIDIA. A security vulnerability exists in NVIDIA Resiliency Extension that originates from predictable log file names in log aggregation and could lead to elevation of privilege, code execution, denial of service, information disclosure, and...
PT-2025-51760
Name of the Vulnerable Software and Affected Versions NVIDIA Resiliency Extension for Linux affected versions not specified Description NVIDIA Resiliency Extension for Linux has an issue in its log aggregation process that allows for predictable log-file names. Exploitation of this issue could le...
Secure Over-The-Air Computation against Multiple Eavesdroppers Using Correlated Artificial Noise
In the era of the Internet of Things and massive connectivity, many engineering applications, such as sensor fusion and federated edge learning, rely on efficient data aggregation from geographically distributed users over wireless networks. Over-the-air computation shows promising potential for...
GO-2025-4103 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt...
net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY
...
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
...
AZL-69793 CVE-2025-64432 affecting package kubevirt for versions less than 1.5.3-2
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432
CVE-2025-64432 affects KubeVirt, specifically the virt-api component, where the mTLS authentication flow fails to validate the CN field in client certificates against the extension-apiserver-authentication config, enabling potential RBAC bypass by communicating directly with the aggregated API se...
EUVD-2025-38218
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...