39 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
A vulnerability was discovered in the cgroupreleaseagentwrite function of the Linux kernel, within the kernel/cgroup/cgroup-v1.c file. Under certain circumstances, this flaw allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass namespace isolation unexpectedly...
VulnCheck KEV: CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow A UAF can occur when reading /proc/cpuset, as reported in 1. This issue can be reproduced using the following methods: 1. Add an mdelay1000 before acquiring the cgrouplock in the...
CVE-2026-43916
Summary: pam_authnft is affected by a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134) that could allow a crafted NETLINK_SOCK_DIAG reply to bypass the message-size check and dereference past the end of the allocation. This vulnerability exists prior to version 0.2.0-alpha and is ...
EUVD-2026-29474
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992815)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992815 advisory. In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dlcpubusy panic due to empty cs-cpusallowed With cgroup v2, the cpuset's...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992555)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992555 advisory. In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dlcpubusy panic due to empty cs-cpusallowed With cgroup v2, the cpuset's...
Security update for runc
This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 Includes an important fix for the CPUSet translation for...
SUSE-SU-2025:21036-1 Security update for runc
This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation for...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414536)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414536 advisory. A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege coul...
EUVD-2022-55369
Malicious code in bioql PyPI...
Cri-o: pods are able to break out of resource confinement on cgroupv2
...
Linux Distros Unpatched Vulnerability : CVE-2021-4154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege...
DEBIAN-CVE-2024-43853
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow An UAF can happen when /proc/cpuset is read as reported in 1. This can be reproduced by the following methods: 1.add an mdelay1000 before acquiring the cgrouplock In the cgrouppathns...
kernel: ovl: fix warning in ovl_create_real()
In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovlcreatereal Syzbot triggered the following warning in ovlworkdircreate - ovlcreatereal: if !err && WARNON!newdentry-dinode The reason is that the cgroup2 filesystem returns from mkdir without instantiating t...
kernel: ovl: fix warning in ovl_create_real()
In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovlcreatereal Syzbot triggered the following warning in ovlworkdircreate - ovlcreatereal: if !err && WARNON!newdentry-dinode The reason is that the cgroup2 filesystem returns from mkdir without instantiating t...
SUSE CVE-2021-47579
In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovlcreatereal Syzbot triggered the following warning in ovlworkdircreate - ovlcreatereal: if !err && WARNON!newdentry-dinode The reason is that the cgroup2 filesystem returns from mkdir without instantiating t...
UBUNTU-CVE-2021-47579
In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovlcreatereal Syzbot triggered the following warning in ovlworkdircreate - ovlcreatereal: if !err && WARNON!newdentry-dinode The reason is that the cgroup2 filesystem returns from mkdir without instantiating t...
cri-o: Pods are able to break out of resource confinement on cgroupv2
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node...
PT-2023-36236 · Conmon · Conmon
Name of the Vulnerable Software and Affected Versions: conmon versions prior to 2.1.7 Description: The issue concerns conmon, where several bugs have been fixed, including leaking symbolic links in the opt socket path directory, cgroup oom issues, and OOM watcher for cgroupv2 oom kill events. The...