333 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414532)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414532 advisory. An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987239)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987239 advisory. In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic...
CVE-2022-50488 block, bfq: fix possible uaf for 'bfqq->bic'
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq->bic' Our test report a uaf for 'bfqq->bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfq_select_queue+0x378/0xa30 CPU: 6 PID:...
PT-2025-40722
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.0-60.18.0.50.h602. Description: The Linux kernel contains a use-after-free issue within the block, bfq Best Effort Queue subsystem. Specifically, the issue relates to the bfqq->bic pointer. A scenario involving...
EUVD-2022-15629
Malicious code in bioql PyPI...
EUVD-2021-34056
Malicious code in bioql PyPI...
EUVD-2022-15291
Malicious code in bioql PyPI...
EUVD-2025-12998
Malicious code in bioql PyPI...
NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2025-0206)
The remote NewStart CGSL host, running version MAIN 6.06, has kernel packages installed that are affected by multiple vulnerabilities: - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of...
CVE-2025-39756
In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the limit can trigger massi...
Security update for atop (low)
openSUSE Security Update: Security update for atop Announcement ID: openSUSE-SU-2025:0204-1 Rating: low References: 1240393 Cross-References: CVE-2025-31160 Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available...
CVE-2025-47291
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not...
CVE-2025-47291 containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not...
SUSE CVE-2022-49786
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...
DEBIAN-CVE-2022-49786
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...
CVE-2022-49786
The CVE-2022-49786 issue affects the Linux kernel’s blk-cgroup subsystem. Root cause: blkcg_css_online incorrectly pinned the parent after a 397c9f46 refactor, pinning the css instead of the parent blkcg, which leads to extra pins and leakage of blkcgs and cgroups. Impact stated: leakage of blkcg...
AZL-60367 CVE-2023-52939 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath As commit 18365225f044 "hwpoison, memcg: forcibly uncharge LRU pages", hwpoison will forcibly uncharge a LRU hwpoisoned page, the folio_memcg could be NULL, then,...
UBUNTU-CVE-2022-49394
In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatency configured for th...
UBUNTU-CVE-2022-49413
In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup or in case of writeback just starts submitting bios associated with a different cgroup bfq_merge_bio can operate with stale cgroup...
CVE-2022-49647
CVE-2022-49647 affects the Linux kernel cgroups migration code. The vulnerability stems from overloading cset->mg_preload_node for both src and dst preload lists during task migrations, which could allow a cset to be simultaneously sourced and destined, risking a use-after-free if all tasks le...