DEBIAN-CVE-2025-38499

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...

AZL-73470 CVE-2025-38499 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...

UBUNTU-CVE-2025-38499

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...

CVE-2025-38499

CVE-2025-38499 affects the Linux kernel. The issue arises in clone_private_mnt() where CAP_SYS_ADMIN is checked in the wrong user namespace, potentially allowing a local attacker with low privileges to influence mount handling and affect availability. The referenced advisories show this CVE is tr...

CVE-2025-38499

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...

CVE-2025-38499 clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...

CVE-2025-38499 clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from cloneprivatemnt not validating the CAPSYSADMIN privilege in the user's namespace, which could lead to elevat...

CLSA-2025-1754648405 Fix CVE(s): CVE-2025-27613, CVE-2025-27614, CVE-2025-46835

SECURITY UPDATE: potential file creation/truncation when cloning untrusted repository in gitk - debian/patches/CVE-2025-27613CVE-2025-27614CVE-2025-46835.patch: improve dark mode support, remove hard-coded colors in ttext calls and use colors from the theme for text widgets via Text.Background an...

Malicious code in flashsimplelogger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c4753ee44e481f1f689cfaeddcddaef8dcdf86fbb1db19b3fe0acc2fadac305 It's a clone of "loguru" package which on import loads a second-stage script from loguru.guru. This makes a few checks and downloads the next stage, which is a...

Malicious code in loggerex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7a27ca3e673f54a1e041d55e84b8a0e871239df2331c9a3fd1dbe20d1fa86f56 It's a clone of "loguru" package which on import loads a second-stage script from loguru.guru. This makes a few checks and downloads the next stage, which is a...

MAL-2025-191784 Malicious code in loquru (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a98209ec0f506986521ebd7b24de4f266f6bb61aba50f2dc511c391f1037848b It's a clone of "loguru" package which on import loads a second-stage script from loguru.guru. This makes a few checks and downloads the next stage, which is a...

Malicious code in loquru (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a98209ec0f506986521ebd7b24de4f266f6bb61aba50f2dc511c391f1037848b It's a clone of "loguru" package which on import loads a second-stage script from loguru.guru. This makes a few checks and downloads the next stage, which is a...

SUSE CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

CVE-2023-53158

A flaw was found in gix-transport. The handling of clone URLs by the crate allows an attacker to execute arbitrary commands by injecting a malicious substring into the URL, specifically through the ssh protocol and ProxyCommand option. This vulnerability allows a local attacker to trigger command...

git: Git arbitrary file writes

A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles,...

git: Git arbitrary file writes

A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles,...

CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

AZL-66020 CVE-2023-53158 affecting package rust for versions less than 1.72.0-8

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

git: Git arbitrary file writes

A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles,...