
179 matches found

AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: initramfs: Avoid filename buffer overflow. The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as follows: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) +...

7.8 CVSS, 6.6 AI score, 0.00241 EPSS
Exploits 0, References 2
SUSE CVE
added 2026/06/17 2:23 a.m., 5 views

SUSE CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

8.8 CVSS, 6 AI score, 0.01131 EPSS
Exploits 0, References 3
NVD
added 2026/06/10 8:17 p.m., 13 views

CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5 CVSS, 0.01131 EPSS
Exploits 0, References 5
OSV
added 2026/06/10 8:17 p.m., 7 views

DEBIAN-CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5 CVSS, 6 AI score, 0.01131 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/10 7:49 p.m., 7 views

CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5 CVSS, 6.1 AI score, 0.01131 EPSS
Exploits 0, References 3
Debian CVE
added 2026/06/10 7:49 p.m., 8 views

CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5 CVSS, 6 AI score, 0.01131 EPSS
Exploits 0
CVE
added 2026/06/10 7:49 p.m., 50 views

CVE-2026-6893

CVE-2026-6893 affects the dracut project, specifically the legacy DHCP path. A remote attacker on an adjacent network can trigger root code execution in the initramfs by sending specially crafted DHCP options (for example, a malicious hostname). The options are improperly handled and written into...

7.5 CVSS, 6 AI score, 0.01131 EPSS
Exploits 0, References 5
EUVD
added 2026/06/10 7:49 p.m., 9 views

EUVD-2026-36110

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

8.8 CVSS, 6 AI score, 0.01131 EPSS
Exploits 0, References 2
Cvelist
added 2026/06/10 7:49 p.m., 29 views

CVE-2026-6893 Dracut: dracut: root code execution via dhcp options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5 CVSS, 0.01131 EPSS
Exploits 0, References 5
Vulnrichment
added 2026/06/10 7:49 p.m., 7 views

CVE-2026-6893 Dracut: dracut: root code execution via dhcp options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5 CVSS, 6 AI score, 0.01131 EPSS
Exploits 0, References 2
CNNVD
added 2026/06/10 12:00 a.m., 17 views

dracut project dracut command injection vulnerability

Dracut is an event-driven initramfs generation tool developed by Dracutdevs. Dracut has a vulnerability related to operating system command injection. This vulnerability arises when remote attackers provide custom DHCP options, which are improperly processed and written into temporary shell...

7.5 CVSS, 6.1 AI score, 0.01131 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/06/10 12:00 a.m., 11 views

PT-2026-48526

Name of the Vulnerable Software and Affected Versions: dracut (affected versions not specified). Description: A flaw in the legacy DHCP path allows a remote attacker on the adjacent network to achieve root code execution within the initramfs (initial RAM file system), which is loaded with the kernel at...

7.5 CVSS, 5.8 AI score, 0.01131 EPSS
Exploits 0, References 9
GithubExploit
added 2026/05/02 6:30 p.m., 89 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copy-success — CVE-2026-31431 Compensating Control A defensiv...

7.8 CVSS, 5.8 AI score, 0.96775 EPSS
Exploits 227
GithubExploit
added 2026/05/01 8:08 p.m., 139 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

cfDr - Copy Fail Doctor Copy Fail Detection and...

7.8 CVSS, 5.9 AI score, 0.96775 EPSS
Exploits 227
GithubExploit
added 2026/03/05 7:50 a.m., 119 views

Kernel-Exploitation

🏆 Ultimate Master Guide: Kernel Exploit Labs Welcome to the b...

6 AI score
Exploits 0
RedhatCVE
added 2026/02/13 7:21 a.m., 14 views

CVE-2026-25828

grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device. NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific...

5.4 CVSS, 5.9 AI score, 0.01215 EPSS
Exploits 1, References 1
NVD
added 2026/02/12 10:16 p.m., 8 views

CVE-2026-25828

grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device. NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific...

5.4 CVSS, 0.01215 EPSS
Exploits 1, References 3
Vulnrichment
added 2026/02/12 12:00 a.m., 4 views

CVE-2026-25828

grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device. NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific...

5.9 AI score, 0.01215 EPSS
Exploits 1, References 3
CVE
added 2026/02/12 12:00 a.m., 12 views

CVE-2026-25828

CVE-2026-25828 affects grub-btrfs up to 2026-01-31 on Arch Linux and derivatives. The initramfs hook grub-btrfs-overlayfs passes the kernel parameter $root to resolve_device() without sanitization, enabling potential initramfs command execution as root during boot. The issue is rooted in not sani...

5.4 CVSS, 5.9 AI score, 0.01215 EPSS
Exploits 1, References 3
ATTACKERKB
added 2026/02/12 12:00 a.m., 4 views

CVE-2026-25828

grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device. NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific...

5.4 CVSS, 5.9 AI score, 0.01215 EPSS
Exploits 1, References 4