39 matches found
CVE-2026-43916
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
PT-2026-40031
pam authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer lookup tcp src/peer lookup.c:134, prior to the fix allowed a crafted NETLINK SOCK DIAG reply to slip past the message-size check...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004399)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004399 advisory. A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000328)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000328 advisory. A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use...
Security update for runc
This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 Includes an important fix for the CPUSet translation for...
SUSE-SU-2025:4073-2 Security update for runc
This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation for...
SUSE-SU-2025:4077-1 Security update for runc
This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation for...
SUSE-SU-2025:4073-1 Security update for runc
This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation for...
SUSE-SU-2025:21054-1 Security update for runc
This update for runc fixes the following issues: - Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 - Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation...
EUVD-2020-6500
Malware in sbrugna...
container-tools:ol8 security update
aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common 1-82.0.1 - Updated removed references Orabug: 33473101 Alex Burmashev - Adjust registries.conf Nikita Gerasimov - remove references to RedHat registry Nikita Gerasimov container-selinux criu crun fuse-overlay...
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-6969)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6969 advisory. aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark...
container-tools:ol8 security update
aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman 4.9.4-13.0.1 - Fixes issue of container created in cgroupv2 not start in cgroupv1 Orabug: 36136813 - Fixes container...
GO-2024-2458 CRI-O's pods can break out of resource confinement on cgroupv2 in github.com/cri-o/cri-o
CRI-O's pods can break out of resource confinement on cgroupv2 in github.com/cri-o/cri-o...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CRI-O's pods can break out of resource confinement on cgroupv2
Impact What kind of vulnerability is it? Who is impacted? All versions of CRI-O running on cgroupv2 nodes. Unchecked access to an experimental annotation allows a container to be unconfined. Back in 2021, support was added to support an experimental annotation that allows a user to request specia...
GHSA-P4RX-7WVG-FWRC CRI-O's pods can break out of resource confinement on cgroupv2
Impact What kind of vulnerability is it? Who is impacted? All versions of CRI-O running on cgroupv2 nodes. Unchecked access to an experimental annotation allows a container to be unconfined. Back in 2021, support was added to support an experimental annotation that allows a user to request specia...
CVE-2023-6476 Cri-o: pods are able to break out of resource confinement on cgroupv2
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node...
CRI-O Security Vulnerabilities
CRI-O is a lightweight container runtime environment for Kubernetes systems. CRI-O suffers from a security vulnerability that stems from the ability of a Pod to break through a resource limit on cgroupv2, resulting in a denial of service...