Ubuntu 24.04 LTS / 24.10 : Linux kernel vulnerabilities (USN-7448-1)

The remote Ubuntu 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7448-1 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling...

CVE-2025-21677

CVE-2025-21677 is a Linux kernel vulnerability where a PFCP device is attached to the wrong network namespace, causing the device to remain alive after the namespace is removed. The root cause is pfcp_newlink() linking the PFCP device to dev_net(dev) instead of the correct net, allowing a UDP tun...

kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"

CVE-2023-52658 is a vulnerability in the Linux kernel's Mellanox MLX5 driver, specifically related to the switchdev mode. A previous commit intended to block entering switchdev mode due to namespace inconsistencies inadvertently caused system crashes. To address this, the problematic commit was...

CLSA-2022-1660759632 Fixed 13 CVEs in expat

CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...

USN-155-1: Mozilla vulnerabilities

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 It was discovered that a malicious website could...