Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001926)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001926 advisory. The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root...

Security update for kernel-livepatch-MICRO-6-0_Update_10

This update for kernel-livepatch-MICRO-6-0Update10 fixes the following issues: CVE-2025-38566: sunrpc: fix handling of server side tls alerts bsc1248376 CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673 CVE-2025-38678: netfilter: nftables: rejec...

SUSE-SU-2025:20876-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_7

This update for kernel-livepatch-MICRO-6-0-RTUpdate7 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 - CVE-2025-38471: kernel: tls: always refresh the queue...

SUSE-SU-2025:20916-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_8

This update for kernel-livepatch-MICRO-6-0-RTUpdate8 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 - CVE-2025-38471: kernel: tls: always refresh the queue...

SUSE-SU-2025:3736-1 Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-15050055100 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...

Security update for the Linux Kernel (Live Patch 71 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122269 fixes several issues. The following security issues were fixed: CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673. CVE-2025-38644:...

SUSE SLES15 Security Update : kernel RT (Live Patch 13 for SLE 15 SP6) (SUSE-SU-2025:03646-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03646-1 advisory. This update for the Linux Kernel 6.4.0-1506001044 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter:...

SUSE-SU-2025:03671-1 Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673. - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous...

SUSE-SU-2025:03663-1 Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673. - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous...

SUSE-SU-2025:03638-1 Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...

SUSE CVE-2021-3739

A NULL pointer dereference flaw was found in the btrfsrmdevice function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires 'CAPSYSADMIN'. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability...

Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC When creating a new widget, insert...

AM-HiLi <= 1.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

AZL-6558 CVE-2021-31916 affecting package kernel for versions less than 5.10.78.1-1

An out-of-bounds OOB memory write flaw was found in listdevices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user CAPSYSADMIN privilege to gain access to out-of-bounds memory leading to a system...

UBUNTU-CVE-2017-17448

net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnlcthelperlist data structure is shared across all net namespaces...

kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt

An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt. The function call is normally restricted to root, however some processes with capsysadmin may also be able to trigger this flaw in privileged container environments...

PT-2013-1030 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.12.1 Description: The issue is related to the aac send raw srb function in the Linux kernel, which does not properly validate a certain size value. This can be exploited by local users with CAP SYS ADMIN...

UBUNTU-CVE-2013-3301

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by leveraging the CAPSYSADMIN capability for write access to the 1 setftracepid or 2 setgraphfunction file...