CVE-2025-54867 Youki Symlink Following Vulnerability

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...

kernel: proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration

A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections...

McAfee TechCheck 代码问题漏洞

McAfee TechCheck is a software from McAfee USA to keep your computer running smoothly. It is used to diagnose machine problems. A code issue vulnerability exists in versions prior to McAfee TechCheck 4.0.0.2 that allows local administrators to load their own Dynamic Link Library DLL to gain...

USN-4867-1 runc vulnerabilities

It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. CVE-2019-16884 Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious...