14 matches found
CVE-2026-46104
CVE-2026-46104 affects the Linux kernel where SELinux socket state is stored in the composite LSM socket blob. The vulnerability arises in sock_has_perm() and nlmsg_sock_has_extended_perms(), which currently dereference sk->sk_security directly, assuming the SELinux blob is at offset zero. In ...
CVE-2024-47740
In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODEWRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable, but this does not give LSMs like SELinux or Landlock an opportunity to deny the write acces...
CVE-2024-47740
In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODEWRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable, but this does not give LSMs like SELinux or Landlock an opportunity to deny the write acces...
CVE-2024-47740 f2fs: Require FMODE_WRITE for atomic write ioctls
In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODEWRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable, but this does not give LSMs like SELinux or Landlock an opportunity to deny the write acces...
CVE-2024-47740 f2fs: Require FMODE_WRITE for atomic write ioctls
In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODEWRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable, but this does not give LSMs like SELinux or Landlock an opportunity to deny the write acces...
CVE-2024-41012 filelock: Remove locks reliably when fcntl/close race is detected
In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntlsetlk races with close, it removes the created lock with dolockfilewait. However, LSMs can allow the first dolockfilewait that created the lock while...
CVE-2024-41012
CVE-2024-41012 (Linux kernel) describes a filelock race where fcntl_setlk() races with close() and a second path in posix_lock_file() could fail to remove a lock. In certain LSMs this could let a created lock survive a competing removal, enabling use-after-free reads in /proc/locks and potentiall...
CVE-2024-41012
In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntlsetlk races with close, it removes the created lock with dolockfilewait. However, LSMs can allow the first dolockfilewait that created the lock while...
Design/Logic Flaw
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
Oracle Solaris Critical Patch Update : jan2019_SRU11_4_3_5_0 (Foreshadow) (Spectre)
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated...
fusermount - user_allow_other Restriction Bypass and SELinux Label Control
fusermount - userallowother Restriction Bypass and SELinux Label Control / It is possible to bypass fusermount's restrictions on the use of the "allowother" mount option as follows if SELinux is active. Here's a minimal demo, tested on a Debian system with SELinux enabled in permissive mode:...
Oracle Solaris Critical Patch Update : apr2018_SRU11_3_31_6_0 (Spectre)
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Communications LSMS component of Oracle Communications Applications subcomponent: Platform Kernel. Supported versions that are affected are 13.1, 13.2 and 13.3. Difficult to...
Ubuntu Update for linux USN-1363-1
Ubuntu Update for Linux kernel vulnerabilities USN-1363-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13631.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux USN-1363-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
USN-1363-1: Linux kernel vulnerabilities
A bug was discovered in the Linux kernel's calculation of OOM Out of memory scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. CVE-2011-4097 A flaw was found...