67 matches found
CVE-2022-49379
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix waitfordeviceprobe & deferredprobetimeout interaction Mounting NFS rootfs was timing out when deferredprobetimeout was non-zero 1. This was because ipautoconfig initcall times out waiting for the network interfac...
UBUNTU-CVE-2022-49379
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix waitfordeviceprobe & deferredprobetimeout interaction Mounting NFS rootfs was timing out when deferredprobetimeout was non-zero 1. This was because ipautoconfig initcall times out waiting for the network interfac...
CVE-2022-49379
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix waitfordeviceprobe & deferredprobetimeout interaction Mounting NFS rootfs was timing out when deferredprobetimeout was non-zero 1. This was because ipautoconfig initcall times out waiting for the network interfac...
UBUNTU-CVE-2025-24965
crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...
GO-2022-0914 Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc
Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc...
CVE-2024-21482
Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs image...
CVE-2024-21482 Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Boot Loader
Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs image...
PT-2024-18903 · Qualcomm · Snapdragon +68
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption during the secure boot process. When the bootm command is used, it bypasses the authentication of the kernel/rootfs...
CVE-2024-26821
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-26821
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
runc: volume mount race condition (regression of CVE-2019-19921)
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...
GHSA-X9MP-JM4H-JJF8 Duplicate Advisory: EVE Doesn't Protect Rootfs
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in t...
CVE-2023-43636 Rootfs Not Protected
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...
CVE-2023-43636 Rootfs Not Protected
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...
PT-2023-28892
Name of the Vulnerable Software and Affected Versions EVE OS versions 9.0.0 and earlier Description The "measured boot" mechanism in EVE OS is designed to prevent a compromised device from accessing the encrypted data located in the vault. However, this mechanism does not validate the entire...
SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced
Impact For Windows users of github.com/cyphar/filepath-securejoin, until v0.2.4 it was possible for certain rootfs and path combinations in particular, where a malicious Unix-style /-separated unsafe path was used with a Windows-style rootfs path to result in generated paths that were outside of...
The vulnerability in the `libcontainer/rootfs_linux.go` component of the Runc tool for running isolated containers allows a attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the libcontainer/rootfslinux.go component, a tool for running isolated containers in Runc, is related to the use of a name with an incorrect reference. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service...
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges related to libcontainer/rootfs_linux.go. To exploit this an attacker must be able to spawn two containers with custom volume-mount configurations and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
...
Sandbox Restrictions Bypass
github.com/opencontainers/runc is vulnerable to Privilege Escalation. The vulnerability exists because the prepareRootfs function in rootfslinux.go does not properly validate the root config, which allows an attacker to obtain the host root when spawning two containers with custom volume-mount...
SUSE CVE-2023-27561
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...