CVE-2026-25740 Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAPNETRAW capability binding to privileged ports, spoofing localho...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004465)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004465 advisory. Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issu...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001351 advisory. A missing CAPNETRAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000917)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000917 advisory. Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes...

Linux Distros Unpatched Vulnerability : CVE-2021-23134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the...

SUSE CVE-2017-1000111

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...

SUSE CVE-2018-1065

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service NULL pointer dereference by leveraging the CAPNETRAW or CAPNETADMIN capability, related to...

PT-2021-4248

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.4 Description The issue is related to a Use After Free vulnerability in the NFC sockets of the Linux kernel. This vulnerability can be exploited by a local attacker to elevate their privileges. In typical...

kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol

A vulnerability was found in the Linux kernel’s implementation of the AFISDN protocol, which does not enforce the CAPNETRAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISD...

UBUNTU-CVE-2020-26088

A missing CAPNETRAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a...

DEBIAN-CVE-2017-1000111

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...

UBUNTU-CVE-2017-1000111

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...

kernel: net/packet: overflow in check for priv area size

It was found that the packetsetring function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAPNETRAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation...

kernel: net/packet/af_packet.c: reading uninitialized stack memory

net/packet/afpacket.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAPNETRAW capability to read copies of the applicable structures...