218 matches found
PT-2026-51881
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free flaw exists in the drm/amdgpu component within the userq validate function. The issue occurs when amdgpu userq vm validate calls the drm exec fini function on an execution...
GHSA-GWXR-7H77-7777 Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected
Summary Capsule v0.13.2 webhook rules contain namespace/finalize singular instead of namespaces/finalize plural. K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent. Details PUT to /api/v1/namespaces//finalize has resource=namespaces plural. The singular rule never matches...
PT-2026-50604
Name of the Vulnerable Software and Affected Versions Capsule version 0.13.2 Description A typo in the webhook rules of the software causes a failure in the defense mechanism for the namespaces/finalize subresource. The configuration uses the singular namespace/finalize instead of the plural...
CVE-2026-30963
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...
CVE-2026-30963 Capsule Namespace Hijacking via subresource
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...
CVE-2026-30963 Capsule Namespace Hijacking via subresource
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...
EUVD-2026-33739
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...
CVE-2026-30963
Capsule (a Kubernetes multi-tenancy framework) relied on a webhook to validate namespace updates, but prior to v0.13.0 it did not intercept namespace/status or namespace/finalize subresource changes. This omission enables a tenant with permission to modify those subresources to hijack other names...
GHSA-2WW6-HF35-MFJM Capsule Namespace Hijacking via subresource
Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...
Capsule Namespace Hijacking via subresource
Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...
PT-2026-44722
Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0 Description Capsule uses a webhook to validate update requests targeting namespaces to prevent namespace hijacking. However, the webhook fails to define interception rules for the 'namespace/finalize' and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Correctly handling the kvmarminit failure in finalizepkvm Currently, there is no synchronization between the finalizepkvm and kvmarminit initcalls. The finalizepkvm continues to execute even if kvmarminit fails,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 – Fixed the issue of using resources after freeing them. The preprepare call must be executed before the finalize call; otherwise, finalize may free the resources that were previously allocated...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free in tipcmonreinitself. syzbot reported a use-after-free of tipcnetnet-monitors in tipcmonreinitself. The array is protected by RTNL, but tipcmonreinitself iterates over it without using RTNL...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx – call finalize with bh disabled When calling cryptofinalizerequest, the error bit BH should be disabled to avoid triggering the following calltrace: ------------- Cut here -------------- WARNING: CPU: 2 PID: 74 at...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free issue in tipcnamedreinit. syzbot identified the following issue: BUG: KASAN: Use-after-free in tipcnamedreinit+0x94f/0x9b0 net/tipc/namedistr.c:413 A 8-byte read at address ffff88805299a000 was...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010804)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010804 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-007032)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007032 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006896)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006896 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be...
PT-2026-32370
Name of the Vulnerable Software and Affected Versions FFmpeg version 8.0.1 Description A heap buffer overflow in the av bprint finalize function allows attackers to cause a Denial of Service DoS via a crafted input. A heap buffer overflow occurs when a program writes more data to a heap-allocated...