Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: Do not read mapcount for migration entries The syzbot reported the following bug: Kernel bug at include/linux/page-flags.h: 785 Invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 1; PID: 4392; Comm: syz-executor560...

SUSE CVE-2025-22242

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fixed races among concurrent prealloc/proc write operations. We currently have no protection against concurrent changes to PCM buffer preallocations via proc files. This could potentially lead to UAF or other strange...

SUSE-SU-2026:21291-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007003)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007003 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 scsi: core: Remove...

NewStart CGSL MAIN 6.06 (SP) : pcp Multiple Vulnerabilities (NS-SA-2026-0015)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has pcp packages installed that are affected by multiple vulnerabilities: - Multiple memory leaks in Performance Co-Pilot PCP before 3.6.5 allow remote attackers to cause a denial of service memory consumption or daemon crash via a larg...

F5 Networks BIG-IP : Linux kernel vulnerability (K000160079)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000160079 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of...

CVE-2025-58340

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/senddelts write operation, leading to kernel...

Security update for podman (important)

openSUSE security update: security update for podman ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20072-1 Rating: important References: bsc1249154 bsc1252376 Cross-References: CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 CVE-2025-9566 CVSS scores...

OPENSUSE-SU-2026:20080-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out of bounds read bsc1254054 - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

CVE-2024-34594

Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address...

UBUNTU-CVE-2023-54276

In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu replycachestats counters back to nfsdinitnet Commit f5f9d4a314da "nfsd: move reply cache initialization into nfsd startup" moved the initialization of the reply cache into nfsd startup, but didn't accoun...

CLSA-2025-1766050574 podman: Fix of CVE-2025-52881

CVE-2025-52881: fix security vulnerability in /proc file handle operations - Partial backport: add pathrs-lite library from runc v1.2.8 vendor directory...

OPENSUSE-SU-2025:20072-1 Security update for runc

This update for runc fixes the following issues: - Update to runc v1.3.3: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252232...

kernel: nfsd: don't ignore the return code of svc_proc_register()

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister Currently, nfsdprocstatinit ignores the return value of svcprocregister. If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...

SUSE SLES15 / openSUSE 15 Security Update : buildah (SUSE-SU-2025:4076-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4076-1 advisory. - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096...

openSUSE Security Advisory (SUSE-SU-2025:4076-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for buildah

This update for buildah fixes the following issues: CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Other fixes: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless bsc1252543 Patch Instructions: To...

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...