201 matches found
UBUNTU-CVE-2026-46104
In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...
PT-2026-44227
In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sock has perm and nlmsg sock has extended perms currently dereference sk-sk security directly, which assumes...
UBUNTU-CVE-2026-46054
In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: prevents the LSM program from leaking after a failed attach. In 0, we added the ability to use bpfprogattach for LSM programs within cgroups. However, during our validation to ensure that the program is indeed attached to...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...
Astra Linux - уязвимость в parsec
The vulnerability of the gobblefile function in the lsm utility of the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause service failures...
runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...
runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...
Ubuntu Pro FIPS-updates 22.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-8163-1)
"The remote Ubuntu Pro FIPS-updates 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8163-1 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker...
USN-8165-1 linux-azure-fips vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
USN-8164-1: Linux kernel (Intel IoTG Real-time) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
CVE-2018-25255
10-Strike LANState 8.8 has a local buffer overflow in structured exception handling. An attacker can craft a malicious LSM map file with a payload in the ObjCaption parameter to overflow a buffer, overwrite the SEH chain, and execute shellcode when the file is opened in LANState. This vulnerabili...
CVE-2018-25255
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that...
CVE-2018-25255 10-Strike LANState 8.8 Local Buffer Overflow SEH
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that...
PT-2026-30375
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that...
USN-8095-5: Linux kernel (Raspberry Pi) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
USN-8094-4: Linux kernel (Azure) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
Use Of Incorrectly-Resolved Name Or Reference
github.com/sylabs/singularity is vulnerable to Use of Incorrectly-Resolved Name or Reference. The vulnerability is due to improper handling of LSM label write operations during container execution, which allows an attacker to redirect mounts e.g., /proc and bypass security restrictions using a...
USN-8098-5: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
USN-8098-4: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...