57 matches found
OESA-2026-2657 lxc security update
Linux Containers userspace tools Security Fixes: lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-n...
MGASA-2026-0172 Updated lxc packages fix security vulnerability
CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion...
openvswitch: vport: fix self-deadlock on release of tunnel ports
...
CVE-2026-39402
A flaw was found in LXC Linux Containers, specifically within the lxc-user-nic helper. This logic flaw allows an unprivileged attacker, with a valid lxc-usernet policy entry, to delete OpenVSwitch OVS-attached network interfaces owned by other users. In multi-tenant environments using lxc-user-ni...
CVE-2026-39402 lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...
openvswitch: validate MPLS set/set_masked payload length
...
OESA-2026-1960 openvswitch security update
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: "Description\n===========\n\nMultiple versions of Open vSwitch are vulnerable to crafted FTP payloads\ncausing invalid memory accesses, potential...
Azure Linux 3.0 Security Update: kernel (CVE-2025-22057)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22057 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in...
CVE-2025-68785
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in pushnsh action The pushnsh action structure looks like this: OVSACTIONATTRPUSHNSHOVSKEYATTRNSHOVSNSHKEYATTRBASE,... The outermost OVSACTIONATTRPUSHNSH attribute is OK'ed by the...
USN-7907-5 linux-azure, linux-azure-4.15, linux-oracle, vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; -...
DEBIAN-CVE-2023-53843
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex Recent changes in net-next commit 759ab1edb56c "net: store netdevs in an xarray" refactored the handling of pre-assigned ifindexes and let syzbot surface a latent problem in ovs. ovs does...
USN-7907-3: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; -...
USN-7907-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; -...
CVE-2023-53188 net: openvswitch: fix race on port output
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port output assume the following setup on a single machine: 1. An openvswitch instance with one bridge and default flows 2. two network namespaces "server" and "client" 3. two ovs interfaces "server"...
USN-7703-4 linux-gke, linux-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - GPIO subsystem; - GPU...
Linux Distros Unpatched Vulnerability : CVE-2021-20267
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance...
USN-7703-1 linux, linux-aws, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - GPIO subsystem; - GPU...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITESAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like...
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero CVE-2024-26982 In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object-file...