611 matches found
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
PT-2026-44549
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
GHSA-2GV2-CFFP-J227 Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...
Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: seccomp: Passing uretprobes through system calls without filtering. When uretprobes are attached to processes running inside Docker, the attached process will crash when encountering the retprobe. The reason is that uretprobes no...
Astra Linux - уязвимость в linux-5.10, linux
The Linux kernel before version 5.17.2 mishandles seccomp permissions. The PTRACESEIZE code path allows attackers to bypass the intended restrictions on setting the PTSUSPENDSECCOMP flag...
Copy.Fail Linux Vulnerability
This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API AFALG sockets plus splice to write four bytes at a time straigh...
RHSA-2026:15940 Red Hat Security Advisory: oci-seccomp-bpf-hook security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: oci-seccomp-bpf-hook security update
An update for oci-seccomp-bpf-hook is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 9 : oci-seccomp-bpf-hook (RHSA-2026:15940)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:15940 advisory. OCI Hook to generate seccomp json files based on EBF syscalls used by container oci-seccomp-bpf-hook provides a library for applications looking to...
Astra Linux - уязвимость в libseccomp
In versions of libsseccomp before 2.4.0, 64-bit syscall argument comparisons using arithmetic operators LT, GT, LE, GE were not generated correctly. This issue could potentially allow bypassing seccomp filters and leading to potential privilege escalations...
Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copyseccomp to a non-failure path. Our syzbot instance reported memory leaks in doseccomp 0, similar to the reports 1. This indicates that we fail to free the struct seccompfilter and some objects included within it...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CopyFail Guard text...
RHSA-2026:11804 Red Hat Security Advisory: oci-seccomp-bpf-hook security update
Bulletin has no description...
Exploit for CVE-2026-31431
Wazuh SCA policy: Copy Fail CVE-2026-31431 This policy file...
Exploit for CVE-2026-31431
CVE-2026-31431 Seccomp Mitigation A lightweight, reversible s...
RHEL 9 : oci-seccomp-bpf-hook (RHSA-2026:11804)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:11804 advisory. OCI Hook to generate seccomp json files based on EBF syscalls used by container oci-seccomp-bpf-hook provides a library for applications looking to...
netfoil's optional seccomp sandboxing was not applied
Summary The optional flag --filter-system-calls was not applied even if specified. Details This is a defense in depth feature to apply additional seccomp filters after the binary has started. The example config also sandboxes the binary with systemd. Impact Reduced sandboxing of the netfoil binar...
GHSA-VJGJ-42F6-7997 netfoil's optional seccomp sandboxing was not applied
Summary The optional flag --filter-system-calls was not applied even if specified. Details This is a defense in depth feature to apply additional seccomp filters after the binary has started. The example config also sandboxes the binary with systemd. Impact Reduced sandboxing of the netfoil binar...