Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validated dbl2nbperpage during mounting In jfsdmap.c, on line 381, BLKTODMAP is used to obtain a logical block number within dbFree. dbl2nbperpage, which represents the log2 of the number of blocks per page, is pass...

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992779 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used t...

OESA-2025-2820 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991141)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991141 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used t...

AZL-70592 CVE-2025-31133 affecting package kubernetes for versions less than 1.30.10-16

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...

PT-2025-40711

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's ext2 functionality related to block size validity during mount operations. Insufficient validation of the block size log stored in the superblock coul...

EUVD-2023-59862

Malicious code in bioql PyPI...

DEBIAN-CVE-2023-53222

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...

CVE-2023-53222

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...

UBUNTU-CVE-2023-53222

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...

CVE-2023-53222 jfs: jfs_dmap: Validate db_l2nbperpage while mounting

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...

CVE-2023-53222 jfs: jfs_dmap: Validate db_l2nbperpage while mounting

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...

CVE-2023-53222 jfs: jfs_dmap: Validate db_l2nbperpage while mounting

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...

AZL-66174 CVE-2025-38499 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...

SUSE CVE-2025-38230

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...

Security update for docker

This update for docker fixes the following issues: Security fixes: CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267 CVE-2024-23652: Fixed insufficient validation of parent directory on mount bsc1219268 CVE-2024-23653: Fixed insufficient validation on...

SUSE-SU-2025:20056-1 Security update for docker

This update for docker fixes the following issues: Security fixes: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267 - CVE-2024-23652: Fixed insufficient validation of parent directory on mount bsc1219268 - CVE-2024-23653: Fixed insufficient validation on...

cri-o: Checkpoint restore can be triggered from different namespaces

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...

AZL-53540 CVE-2024-8676 affecting package cri-o 1.30.1-1

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...