16 matches found
GHSA-G6WW-W5J2-R7X3 BoxLite: Permission Bypass Allows Modification of Read-Only Files
Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode (readonly=True) into the V...
BoxLite: Permission Bypass Allows Modification of Read-Only Files
Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode (readonly=True) into the V...
PT-2026-42209
Name of the Vulnerable Software and Affected Versions: Boxlite versions prior to 0.9.0. Description: Boxlite is a sandbox service that allows users to create lightweight virtual machines and launch OCI containers to run untrusted code. The software fails to properly enforce read-only mounts for host...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fixed the null-ptr-deref read operation in txBegin. Syzkaller reported an issue where txBegin might be called on a superblock within a read-only mounted file system, leading to a NULL pointer dereference. This issue can b...
Kata Containers Code Issues and Vulnerabilities
Kata Containers is an open-source, lightweight virtual infrastructure building tool developed by the Kata Containers community. Versions of Kata Containers prior to 3.26.0 contained code vulnerabilities. These vulnerabilities stemmed from the backtracking of empty directories when handling...
CVE-2025-68769
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_recover_fsync_data. With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fs_io fsync /mnt/f2fs/foo f2fs_io...
UBUNTU-CVE-2025-68168
In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager. The transaction manager initialization in txInit() was not properly initializing the TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on read-only filesystems. Whe...
CVE-2023-53766
JFS filesystem code neglects to verify whether the filesystem is mounted read-only before initiating transactions in txBegin. When write operations are attempted on a read-only mount, the missing check allows execution to proceed with uninitialized transaction structures, culminating in a NULL...
SUSE CVE-2023-53766
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only mounted filesystem in txBegin before starting a transaction potentially saving from NULL pointer deref...
Linux Distros Unpatched Vulnerability : CVE-2023-53766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only mounted filesystem in txBegin before starting a transaction...
PT-2026-2501
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.18.0-rc2+ 721. Description: An issue exists in the Linux kernel's F2FS filesystem implementation where an incorrect return value from the f2fs_recover_fsync_data function can lead to a kernel panic. Specifically,...
Linux Distros Unpatched Vulnerability : CVE-2023-53457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which lead...
PT-2025-31092
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc3-g90548c634bd0. Description: A flaw exists in the Linux kernel's dm-bufio subsystem related to scheduling within atomic context. When try_verify_in_tasklet is enabled for dm-verity and DM_BUFIO_CLIENT_NO...
openSUSE Security Update : podman (openSUSE-2020-2063)
This update for podman fixes the following issues. Security issue fixed: This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API (bsc#1176804). Non-security issues fixed: add dependency to timezone package or podman...
openSUSE Security Update : podman (openSUSE-2020-2039)
This update for podman fixes the following issues. Security issue fixed: This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API (bsc#1176804). Non-security issues fixed: add dependency to timezone package or podman...
USN-2318-1 linux vulnerabilities
Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. CVE-2014-5207 Kenton Varda discovered a flaw with...