PT-2026-42624

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode read only=True into the ...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the mounting of host directories in read-only mode into VM. An attacker can gain unauthorized write access to the host filesystem by remounting a shared directory as read-write from within t...

CVE-2026-43359

A flaw was found in the Linux kernel's Btrfs file system. A local malicious user, who owns a subvolume, can exploit an item overflow vulnerability when repeatedly calling the set received ioctl with the same received UUID field for multiple subvolumes. This can trigger a transaction abort, leadin...

CVE-2025-31974

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013084)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013084 advisory. In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only...

CVE-2025-52627

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...

UBUNTU-CVE-2025-68769

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fsrecoverfsyncdata With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fsio fsync /mnt/f2fs/foo f2fsio...

CVE-2025-68769 f2fs: fix return value of f2fs_recover_fsync_data()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fsrecoverfsyncdata With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fsio fsync /mnt/f2fs/foo f2fsio...

SUSE CVE-2025-68168

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit was not properly initializing TxBlock0.waitor waitqueue, causing a crash when txEnd0 is called on read-only filesystems. Whe...

CVE-2023-53766

In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only mounted filesystem in txBegin before starting a transaction potentially saving from NULL pointer deref...

UBUNTU-CVE-2023-53766

In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only mounted filesystem in txBegin before starting a transaction potentially saving from NULL pointer deref...

CVE-2023-53766

In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only mounted filesystem in txBegin before starting a transaction potentially saving from NULL pointer deref...

CVE-2023-53766

CVE-2023-53766 relates to the Linux kernel, specifically the JFS filesystem. A patch adds a check in txBegin to verify a read-only mounted filesystem before starting a transaction, potentially preventing a NULL pointer dereference. The remediation is a kernel patch (Linux kernel, JFS code path) t...

EUVD-2018-6524

Malware in sbrugna...

SUSE CVE-2023-53457

In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the...

CVE-2023-53457 FS: JFS: Fix null-ptr-deref Read in txBegin

In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the...

SUSE SLES15 : Recommended update for podman (SUSE-SU-SUSE-RU-2025:02091-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2025:02091-1 advisory. - Added patch to remove using rw as a default mount option bsc1239776 Tenable has extracted the preceding description bloc...

Dirty Pipe SUID Binary Hijack Privilege Escalation Exploit

Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell. // // dirtypipez.c // // hacked up Dirty Pipe CVE-2022-0847 PoC that hijacks a SUID binary to spawn // a root shell. and attempts to restore the damaged bina...

OPENSUSE-SU-2021:1625-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.0.3. CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc bsc1193436 Fixed inability to start a container with...

Security update for ntfs-3g_ntfsprogs (important)

openSUSE Security Update: Security update for ntfs-3gntfsprogs Announcement ID: openSUSE-SU-2021:2971-1 Rating: important References: 1189720 Cross-References: CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269...