EUVD-2025-208410

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

CVE-2025-15576 Jail chroot escape via fd exchange with a different jail

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

CVE-2025-15576

CVE-2025-15576 describes a jail/chroot escape in FreeBSD. When two sibling jails are restricted to separate filesystem trees, processes in the two jails can still exchange directory descriptors via a unix domain socket and access a shared directory mounted with nullfs. During a filesystem name lo...

CVE-2025-15547

This CVE (CVE-2025-15547) maps to FreeBSD Jail escape via nullfs. Problem: if a jail is configured with allow.mount.nullfs, a privileged user inside the jail can nullfs-mount directories, exploiting kernel path-lookup limitations to escape the jail and access the host/parent filesystem. Affects F...

CVE-2025-15547 Jail escape by a privileged user via nullfs

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

CVE-2025-15547 Jail escape by a privileged user via nullfs

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from limitations in the kernel’s path lookup logic. This vulnerability could allow privileged users in jail environments configured with the allow.mount.nullfs...

FreeBSD -- Jail escape by a privileged user via nullfs

Problem Description: By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the...

EUVD-2002-0241

Malware in sbrugna...

EUVD-2008-5089

Malware in sbrugna...

EUVD-2019-15181

Malware in sbrugna...

CVE-2024-22036

CVE-2024-22036 describes a vulnerability in Rancher where a cluster/node driver can escape the chroot jail and gain root access to the Rancher container itself, with potential privilege escalation within the container and, in test/dev environments, possible escape to the host. The issue affects R...

PT-2024-19169 · Rancher +1 · Rancher +1

Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.7.16 Rancher versions prior to 2.8.9 Rancher versions prior to 2.9.3 Description: A vulnerability has been identified in Rancher where a cluster or node driver can be used to escape the chroot jail and gain root...

CVE-2022-23085 Potential jail escape vulnerabilities in netmap

A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...

CVE-2022-23085 Potential jail escape vulnerabilities in netmap

A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...

CVE-2022-23084 Potential jail escape vulnerabilities in netmap

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

CVE-2022-23084 Potential jail escape vulnerabilities in netmap

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

SUSE CVE-2008-5110

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...

FreeBSD-SA-22:04.netmap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:04.netmap Security Advisory The FreeBSD Project Topic: Potential jail escape vulnerabilities in netmap Category: core Module: netmap Announced: 2022-04-06...