4237 matches found
CVE-2026-53175
The CVE-2026-53175 entry documents a Linux kernel use-after-free in fragment reassembly during netns teardown. Specifically, fqdir_pre_exit() flushes fragment queues but may leave freed skbs referenced via fragments_tail and last_run_head, enabling a later dereference when a stalled fragment resu...
EUVD-2026-39266
In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdirpreexit flush On netns teardown, fqdirpreexit walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inetfragqueueflush. That helper frees all...
EUVD-2026-38945
In the Linux kernel, the following vulnerability has been resolved: net/rds: Restrict use of RDS/IB to the initial network namespace Prevent using RDS/IB in network namespaces other than the initial one. The existing RDS/IB code will not work properly in non-initial network namespaces...
EUVD-2026-38943
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
CVE-2026-53075
In the Linux kernel, CVE-2026-53075 affects PPP handling of unattached administrative ioctls. The flaw permits a local unprivileged user who creates a new user namespace (CLONE_NEWUSER) to obtain CAP_NET_ADMIN in that namespace and still invoke PPPIOCNEWUNIT, PPPIOCATTACH, or PPPIOCATTCHAN agains...
CVE-2026-52725 Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...
EUVD-2026-38063
The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...
CVE-2026-12238
The WP Go Maps WordPress plugin (up to version 10.1.01) is vulnerable to an authorization bypass that allows unauthenticated attackers to create arbitrary records in plugin tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-bac...
CVE-2026-52909
The CVE-2026-5299x family concerns the Linux kernel IPv6 virtual tunnel interfaces. The issue: in vti6_init_net(), the per-netns fallback tunnel device (ip6_vti0) does not set the netns_immutable flag, allowing the device to be moved between network namespaces. This flag is correctly set by other...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In net:tIPC, there is a fix for the refcount warning in tipcaeadencrypt. The syzbot report identified a refcount warning 1 caused by calling getnet on a network namespace that is being destroyed refcount=0. This occurs when a TIP...
Astra Linux – Vulnerability in firejail
A privilege context switching issue was discovered in the join.c file of Firejail 0.9.68. By creating a fake Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment where the Linux user namespace remains the initial user...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: devlink: fixed the netns refcount leak in devlinknlcmdreload. While preparing my patch series that includes netns refcount tracking, I discovered bugs in devlinknlcmdreload. Some error paths failed to release the refcount...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mr: Consolidate the ipmrcanfreetable checks. Guoyu Yin reported a crash in the ipmr netns cleanup path: WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmrfreetable net/ipv4/ipmr.c:440 inline WARNING: CPU: 2 PID: 14564 at...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/tipc: fixed the slab-use-after-free issue in tipcaeadencryptdone+0x4bd/0x510 net/tipc/crypto.c:840. Syzbot reported a slab-use-after-free with the following call trace:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fixed a suspicious RCU usage warning in iptunnelfind The per-netns IP tunnel hash table is protected by the RTNL mutex, and iptunnelfind is only called from the control path where the mutex is acquired. Added a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: In the TCP layer, the secpath process is dropped simultaneously with the current dropping of the dst. Xiumei reported encountering a warning in xfrm6tunnelnetexit while running tests that involve creating a pair of netns, running...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xfrm: The “x-tunnel” structure is deleted as soon as the “x” structure is deleted. The IP-compatibility tunnels are currently being deleted from various lists and hashtables because the last user state that relied on those tunnel...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fixed a possible leak of the pernet namespace in smcinit. In smcinit, registerpernetsubsys&smcnetstatops is called without any error handling. If this call fails, the registration of &smcnetops will not be reversed. And ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mntnsfromdentry before dereferencing it. The function dofanotifymark does not validate whether mntnsfromdentry returns NULL before dereferencing mntns-userns. This causes a NULL pointer...
Astra Linux – Vulnerability in docker.io
In Docker versions prior to 9.03.15 and 20.10.3, there is a vulnerability related to the --userns-remap option. This option allows access to the remapped root directory, enabling privilege escalation to the actual root directory. When using --userns-remap, if the root user in the remapped namespa...