CVE-2022-50381 md: fix a crash in mempool_free

In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempoolfree There's a crash in mempoolfree when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: superwritten calls atomicdecandtest&mddev-pendingwrites and...

Improper Access Control

github.com/canonical/lxd is vulnerable to Improper Access Control. The vulnerability allows a user with limited privileges to potentially gain root access on the system. The exploit requires specific configuration settings which enables the attacker to create a disk device with shift=true within...

GHSA-X9QQ-236J-GJ97 Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true

Summary If a user has restricted access to a project that is configured with restricted=true, they can gain root access on the system by creating a disk device with shift=true and creating a setuid root executable. This is possible because the shift property is not restricted unless...

Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true

Summary If a user has restricted access to a project that is configured with restricted=true, they can gain root access on the system by creating a disk device with shift=true and creating a setuid root executable. This is possible because the shift property is not restricted unless...

PT-2023-33072 · Lxd · Lxd

Name of the Vulnerable Software and Affected Versions: LXD affected versions not specified Description: A security issue allows users with restricted access to a project to gain root access on the system by creating a disk device with shift=true and creating a setuid root executable. This is...

SUSE CVE-2010-4668

The blkrqmapuseriov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service panic via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix f...

Linux kernel competitive conditions issue vulnerability (CNVD-2021-22160)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the default privileges being limited to root on the floppy disk device dev fd0.No details of the vulnerabili...

OPENSUSE-SU-2020:1105-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have...

Fedora 8 : kvm-60-2.fc8 (2008-1993)

Ian Jackson discovered that accesses beyond end of qemu emulated disk devices can result in accesses to emulator's virtual memory space accesses and thus can allow user with sufficient privilege in guest root, as this would need modification to kernel's driver to break out of VM...