Lucene search

6 matches found

Cvelist
added 2025/08/14 4:8 p.m. | 8 views

CVE-2025-54867 Youki Symlink Following Vulnerability

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...

CVSS 7 | EPSS 0.00161
Exploits: 0 | References: 3
RedHat Linux
added 2025/06/16 9:1 a.m. | 4 views

kernel: proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode(). Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

CVSS 7.8 | AI score 6.3 | EPSS 0.00181
Exploits: 0 | References: 5
RedHat Linux
added 2023/11/07 8:47 a.m. | 2 views

runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration

A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections...

CVSS 7.8 | AI score 6.9 | EPSS 0.00343
Exploits: 0 | References: 5
ATTACKERKB
added 2022/01/11 5:15 p.m. | 5 views

CVE-2022-0129

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process wa...

CVSS 7.4 | AI score 6.6 | EPSS 0.0028
Exploits: 0 | References: 2
CNNVD
added 2022/01/11 12:0 a.m. | 6 views

McAfee TechCheck Code Issue Vulnerability

McAfee TechCheck is a software from McAfee USA to keep your computer running smoothly. It is used to diagnose machine problems. A code issue vulnerability exists in versions prior to McAfee TechCheck 4.0.0.2 that allows local administrators to load their own Dynamic Link Library (DLL) to gain...

CVSS 7.4 | AI score 5.7 | EPSS 0.0028
Exploits: 0 | References: 2
OSV
added 2021/08/10 7:58 p.m. | 3 views

USN-4867-1 runc vulnerabilities

It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. (CVE-2019-16884) Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious...

CVSS 8.5 | AI score 6.8 | EPSS 0.06604
Exploits: 1 | References: 3