16 matches found

CVE
added 2026/04/22 4:8 p.m., 5 views

CVE-2026-35354

The CVE concerns the mv utility from uutils coreutils, where a TOCTOU race occurs during cross-device moves. The xattr preservation logic uses several path-based system calls that re-resolve inodes between operations, allowing a local attacker with directory write access to swap files during the ...

CVSS 4.7 | AI score 5.8 | EPSS 0.00013
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001402)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001402 advisory. An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...

CVSS 6.5 | AI score 6.7 | EPSS 0.00047
Exploits: 1 | References: 4

Tenable Nessus
added 2025/12/04 12:0 a.m., 1 views

RockyLinux 8 : go-toolset:rhel8 (RLSA-2025:22668)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:22668 advisory. os/exec: Unexpected paths returned from LookPath in os/exec CVE-2025-47906 golang: archive/tar: Unbounded allocation when parsing GNU sparse map...

CVSS 6.5 | AI score 6.7 | EPSS 0.00044
Exploits: 1 | References: 5

Tenable Nessus
added 2025/11/12 12:0 a.m., 3 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2025-2386)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath '', '.', a...

CVSS 7 | AI score 6.8 | EPSS 0.00073
Exploits: 1 | References: 3

Tenable Nessus
added 2025/10/22 12:0 a.m., 4 views

TencentOS Server 4: buildah (TSSA-2025:0765)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0765 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5 | AI score 6.7 | EPSS 0.00044
Exploits: 1 | References: 2

SUSE CVE
added 2023/02/15 3:51 a.m., 3 views

SUSE CVE-2020-29373

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d...

CVSS 7.7 | AI score 6.6 | EPSS 0.00047
Exploits: 1 | References: 16

OSV
added 2021/03/17 4:28 p.m., 4 views

SUSE-SU-2021:0869-1 Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-2449 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check bsc1179664. -...

CVSS 7 | AI score 7.1 | EPSS 0.00102
Exploits: 2 | References: 5

Tenable Nessus
added 2021/01/15 12:0 a.m., 56 views

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-28374: Fixed a Linux SCSI target issue bsc1178372. CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180559...

CVSS 9.8 | AI score 7.6 | EPSS 0.07157
Exploits: 8 | References: 144

Tenable Nessus
added 2021/01/14 12:0 a.m., 57 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180559. CVE-2020-27825: Fixed a race in the traceopen and buffer resi...

CVSS 9.8 | AI score 7.5 | EPSS 0.0059
Exploits: 6 | References: 129

Microsoft CVE
added 2020/12/03 8:0 a.m., 2 views

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups and thus a process inside a mount namespace can escape to unintended filesystem locations aka CID-ff002b30181d.

...

CVSS 6.5 | AI score 8.3 | EPSS 0.00047
Exploits: 1

RedhatCVE
added 2020/12/01 7:29 p.m., 36 views

CVE-2020-29373

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d...

CVSS 2.1 | AI score 2.4 | EPSS 0.00047
Exploits: 1 | References: 3

OSV
added 2020/11/28 7:15 a.m., 1 views

DEBIAN-CVE-2020-29373

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d...

CVSS 6.5 | AI score 6.7 | EPSS 0.00047
Exploits: 1 | References: 1

UbuntuCve
added 2020/11/28 7:15 a.m., 22 views

CVE-2020-29373

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d...

CVSS 6.5 | AI score 6.8 | EPSS 0.00047
Exploits: 1 | References: 5

OSV
added 2020/11/28 7:15 a.m., 1 views

UBUNTU-CVE-2020-29373

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d...

CVSS 6.5 | AI score 6.7 | EPSS 0.00047
Exploits: 1 | References: 6

Prion
added 2020/11/28 7:15 a.m., 16 views

Design/Logic Flaw

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d...

CVSS 2.1 | AI score 6.1 | EPSS 0.00047
Exploits: 1 | References: 3 | Affected Software: 1

0day.today
added 2020/04/11 12:0 a.m., 39 views

Linux 5.3 Insecure Root Path Handling Exploit

Linux versions 5.3 and above appear to have an issue where io_uring suffers from insecure handling of the root directory for path lookups. Linux >=5.3: io_uring: insecure handling of root directory for path lookups When I saw today, I realized that this is not just a small correctness issue, but als...

AI score 0.3
Exploits: 0