Lucene search
+L

143 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 6:16 a.m.5 views

kernel: selinux: fix overlayfs mmap() and mprotect() access checks

A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for mmap and mprotect operations. This oversight could allow a local attacker to bypass intended security policies, potential...

7.1CVSS5.7AI score0.00118EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 9:16 a.m.10 views

CVE-2026-53174

In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...

7.8CVSS0.00129EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:17 p.m.15 views

CVE-2026-46054

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...

7.1CVSS0.00118EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s Ext4 File System, where a user can trigger multiple file operations simultaneously using the overlay FS mechanism. This flaw allows a local user to crash the system or potentially escalate their privileges on the system. Only if patch...

7.8CVSS6.8AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 3:1 p.m.12 views

USN-8255-1 linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-azure, linux-azure-fips, linux-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-realtime vulnerabilities

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...

9.8CVSS6.1AI score0.15783EPSS
Exploits14References5
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:40 a.m.6 views

CVE-2026-43117

In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfssyncfile If overlay is used on top of btrfs, dentry-dsb translates to overlay's super block and fsid assignment will lead to a crash. Use fileinodefile-isb to...

5.7AI score0.00399EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the btrfssyncfile event. This event involves accessing the super block through dentry, without...

9.1CVSS5.8AI score0.00399EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007433)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007433 advisory. In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovldentryweird functio...

7.8CVSS6.4AI score0.0023EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002918)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002918 advisory. The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by...

7.8CVSS7AI score0.00923EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-54313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ovl: fix null pointer dereference in ovlgetaclrcu Following process: P1 P2 pathopenat linkpathwalk maylookup inodepermissionrcu ovlpermission aclpermissioncheck...

6.2AI score0.00163EPSS
Exploits0References3
CVE
CVE
added 2025/12/30 12:23 p.m.20 views

CVE-2023-54313

The CVE-2023-54313 entry concerns a Linux kernel ovl filesystem NULL pointer dereference in ovl_get_acl_rcu(). The issue arises when upperdentry inode is NULL and IS_POSIXACL(realinode) dereferences a NULL realinode during ACL checks in overlay (ovl) permission handling, potentially triggering a ...

6AI score0.00163EPSS
Exploits0References4
OSV
OSV
added 2025/12/04 4:16 p.m.8 views

UBUNTU-CVE-2025-40237

In the Linux kernel, the following vulnerability has been resolved: fs/notify: call exportfsencodefid with sumount Calling intotifyshowfdinfo on fd watching an overlayfs inode, while the overlayfs is being unmounted, can lead to dereferencing NULL ptr. This issue was found by syzkaller. Race...

5.7AI score0.00174EPSS
Exploits0References22
Zero Science Lab
Zero Science Lab
added 2025/11/13 12:0 a.m.177 views

Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion

Summary Streamlabs Desktop is a free streaming and recording software, built on OBS Studio, for content creators to stream live to platforms like Twitch, YouTube, and Facebook. It is designed to be beginner-friendly and offers tools for creating engaging streams, such as customizable overlays,...

5.8AI score
Exploits0
Ubuntu
Ubuntu
added 2025/10/08 8:52 a.m.14 views

USN-7809-1: Linux kernel (Azure, N-Series) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

8.1CVSS7AI score0.00352EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2011-3147

Malware in sbrugna...

7.5CVSS6.4AI score0.02578EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-23521

Malicious code in bioql PyPI...

7.8CVSS7.2AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-8469

Malicious code in bioql PyPI...

7.8CVSS7.2AI score0.00185EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-2468

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.01596EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2025/10/02 3:30 p.m.10 views

USN-7802-1: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

8.1CVSS7AI score0.00352EPSS
Exploits0
Ubuntu
Ubuntu
added 2025/09/02 6:45 p.m.3 views

USN-7725-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Overlay file system; - Network traffic control; CVE-2025-21887, CVE-2024-57996, CVE-2025-38350, CVE-2025-37752...

7.8CVSS7.1AI score0.00233EPSS
Exploits0
Rows per page
Query Builder