Astra Linux - уязвимость в runc-app

Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, an attacker can trick runc into binding /dev/pts/$n to /dev/console. Normally, these paths are made read-onl...

RHCOS 4 : OpenShift Container Platform 4.7.45 (RHSA-2022:0870)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0870 advisory. - cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied t...

Oracle Linux 9 : systemd (ELSA-2025-22660)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-22660 advisory. - coredump: use %d in kernel core pattern - CVE-2025-4598 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

systemd security update

252-55.0.3.7 - serialize: don't allocate 1M on the stack just like that LINUX-16166 - Route logs from container mapped uids to the system journal Orabug: 38135007 - Drop delay when nspawn fails to reset loginuid Orabug: 37793135 - Improve logging for api bus connection and subscribers Orabug:...

CVE-2025-52565 container escape due to /dev/console mount and related races

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVE-2025-52565 container escape due to /dev/console mount and related races

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

GHSA-QW9X-CQR3-WC7R runc container escape with malicious config due to /dev/console mount and related races

Impact This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target namely, the bind-mount of /dev/pts/$n to /dev/console as configured for all containers that allocate a console. In runc version 1.0.0-rc3 and later...

SUSE-SU-2025:20597-1 Security update for systemd

This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations bsc1247074 The script was introduced more than 7 years ago and all systems running TW...

SUSE-SU-2025:20554-1 Security update for systemd

This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations bsc1247074 The script was introduced more than 7 years ago and all systems running TW...

Linux Distros Unpatched Vulnerability : CVE-2025-4598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the...

Security update for systemd

This update for systemd fixes the following issues: coredump: use %d in kernel core pattern CVE-2025-4598 Revert "macro: terminate the temporary VAARGSFOREACH array with a sentinel" SUSE specific umount: do not move busy network mounts bsc1236177 man/pstore.conf: pstore.conf template is not alway...

SUSE-SU-2025:20416-1 Security update for systemd

This update for systemd fixes the following issues: - coredump: use %d in kernel core pattern CVE-2025-4598 - Revert "macro: terminate the temporary VAARGSFOREACH array with a sentinel" SUSE specific - umount: do not move busy network mounts bsc1236177 - man/pstore.conf: pstore.conf template is n...

Security update for systemd

This update for systemd fixes the following issues: coredump: use %d in kernel core pattern CVE-2025-4598 Revert "macro: terminate the temporary VAARGSFOREACH array with a sentinel" SUSE specific umount: do not move busy network mounts bsc1236177 man/pstore.conf: pstore.conf template is not alway...

systemd security update

239-82.0.4.5 - coredump: use %d in kernel core pattern - CVE-2025-4598...

systemd security update

252-51.0.2 - coredump: use %d in kernel core pattern - CVE-2025-4598...

Exploit for NULL Pointer Dereference in Linux Linux_Kernel

DECPwn Practicing different Linux kernel exploitation techniqu...

PT-2022-10744 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to...

CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...

CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...

CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...