80 matches found
virt:ol and virt-devel:ol security update
qemu-kvm 4.2.0-59.el85.2 - kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch bz2048627 - Resolves: bz2048627 CVE-2022-0358 virt:rhel/qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 rhel-8.5.0.z...
Linux Distros Unpatched Vulnerability : CVE-2018-13405
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario...
CentOS 9 : qemu-kvm-6.2.0-7.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the qemu-kvm-6.2.0-7.el9 build changelog. - The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group...
K00854051: Linux kernel vulnerability CVE-2018-13405
Security Advisory Description The inodeinitowner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group...
Amazon Linux 2022 : qemu, qemu-audio-alsa, qemu-audio-oss (ALAS2022-2022-050)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-050 advisory. A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution...
AZL-10763 CVE-2022-0358 affecting package qemu for versions less than 6.2.0-5
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
Design/Logic Flaw
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
Design/Logic Flaw
A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
RHEL 8 : kernel-rt (RHSA-2022:4835)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4835 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
RHEL 8 : kernel (RHSA-2022:4829)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4829 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP...
Debian DSA-5133-1 : qemu - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5133 advisory. Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code. For the...
Moderate: Red Hat Security Advisory: virt:av and virt-devel:av qemu-kvm security update
An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Moderate: Red Hat Security Advisory: virt:av and virt-devel:av security and bug fix update
An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, whi...
QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
Moderate: Red Hat Security Advisory: virt:av and virt-devel:av security and bug fix update
An update for the virt:av and virt-devel:av modules is now available for Advanced Virtualization for RHEL 8.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2022-0886)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0886 advisory. qemu-kvm 4.2.0-59.el85.2 - kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch bz2048627 - Resolves: bz2048627 CVE-2022-0358 virt:rhel/qemu-kvm: QEMU...
QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security update
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
ALSA-2022:0886 Moderate: virt:rhel and virt-devel:rhel security update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...