4 matches found
SUSE CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...
EUVD-2026-21399
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...
PT-2026-31933
Name of the Vulnerable Software and Affected Versions systemd versions 259 through 259 Description A local privilege escalation exists in systemd-machined. This occurs because varlink, a lightweight communication protocol, can be used to reach the root namespace, allowing a local attacker to gain...
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir NULL NULL) and files using g_file_replace_contents (kfsb->file contents length NULL FALSE G_FILE_CREATE_REPLACE_DESTINATION NULL NULL NULL). Consequently it does not properly restrict directory (and file) permissions. Instead for directories 0777 permissions are used; for files default file permissions are used. This is similar to CVE-2019-12450.
...