Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001547)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001547 advisory. A vulnerability was found in the Linux kernels cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the...

Siemens Ruggedcom ROX Improper Authentication (CVE-2022-0492)

A vulnerability was found in the Linux kernel's cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly. This plugin only...

CVE-2022-50103 sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed

In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dlcpubusy panic due to empty cs-cpusallowed With cgroup v2, the cpuset's cpusallowed mask can be empty indicating that the cpuset will just use the effective CPUs of its parent. So cpusetcanattach can call...

AZL-47947 CVE-2024-43853 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow An UAF can happen when /proc/cpuset is read as reported in 1. This can be reproduced by the following methods: 1.add an mdelay1000 before acquiring the cgrouplock In the cgrouppathns...

CVE-2024-43853 cgroup/cpuset: Prevent UAF in proc_cpuset_show()

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow An UAF can happen when /proc/cpuset is read as reported in 1. This can be reproduced by the following methods: 1.add an mdelay1000 before acquiring the cgrouplock In the cgrouppathns...

CVE-2024-43853 cgroup/cpuset: Prevent UAF in proc_cpuset_show()

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow An UAF can happen when /proc/cpuset is read as reported in 1. This can be reproduced by the following methods: 1.add an mdelay1000 before acquiring the cgrouplock In the cgrouppathns...

use-after-free flaw found in cgroup1_parse_param (possible denial of service)

A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

SUSE CVE-2021-4154

A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

Exploit for Improper Input Validation in Imagemagick

Container Escape Exploit This is a container escape exploit t...

The vulnerability of the `cgroup1_parse_param` function in the kernel/cgroup/cgroup-v1.c file of the Linux operating system allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the cgroup1parseparam function in the kernel/cgroup/cgroup-v1.c file of the Linux operating system is related to the lack of checks to ensure that the source parameter is indeed a string. Exploiting this vulnerability could allow an attacker to access confidential data,...

Unbreakable Enterprise kernel security update

4.1.12-124.65.1 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33825689 CVE-2022-0492 - ocfs2: kill EBUSY from dlmfsevictinode Junxiao Bi Orabug: 34091904 - ocfs2: dlmfs: fix error handling of userdlmdestroylock Junxiao Bi via Ocfs2-devel Orabug: 34091904 - ocfs2:...

ASB-A-218836280

In cgroup1parseparam of cgroup-v1.c, there is a possible container breakout due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

kernel security and bug fix update

3.10.0-1160.66.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.9 - Update oraclekernel-sig-key...

CLSA-2022-1650986589 Fix of CVE: CVE-2021-0920, CVE-2022-0492, CVE-2020-0466, CVE-2021-4155

cgroup-v1: Require capabilities to set releaseagent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFSIOCALLOC,FREESP just like fallocate ELSCVE-3891 CVE-2021-4155 - afunix: fix garbage collect vs MSGPEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...

Fix of CVE: CVE-2020-0466, CVE-2022-0492, CVE-2021-4155, CVE-2021-0920

cgroup-v1: Require capabilities to set releaseagent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFSIOCALLOC,FREESP just like fallocate ELSCVE-3891 CVE-2021-4155 - afunix: fix garbage collect vs MSGPEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...

kernel security, bug fix, and enhancement update

4.18.0-348.20.15.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout

A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

Debian: Security Advisory (DSA-5095-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unbreakable Enterprise kernel security update

4.14.35-2047.511.5.2 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33876756 CVE-2022-0492 - scsi: libiscsi: Hold backlock when calling iscsicompletetask Gulam Mohamed Orabug: 33876755 4.14.35-2047.511.5.1 - arm64, mm, efi: Account for GICv3 LPI tables in static...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.304.4.1 - Revert rds/ib: Kernel upgrade to rdsibconns info displayed by rds-info Rohit Nair Orabug: 33832625 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33832582 CVE-2022-0492 5.4.17-2136.304.4 - scsi: libiscsi: Fix iscsitask use after free Mike...