CVE-2026-35361

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

MiracleLinux 8 : xorg-x11-server-1.20.11-22.el8 (AXSA:2024-8304:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8304:07 advisory. xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367 xorg-x11-server: out-of-bounds memory reads/writ...

DEBIAN-CVE-2024-9407

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

PT-2024-11335 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the smackfs component in the Linux kernel, where the function smk set cipso does not properly restrict the bytes count. This problem was missed in a previous...

xorg-x11-server: SELinux unlabeled GLX PBuffer

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...

kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c

A flaw use-after-free in the Linux kernel CIPSO network packet labeling protocol functionality was found in the way user open local network connection with the usage of the security labeling that is IP option number 134. A local user could use this flaw to crash the system or possibly escalate...

CVE-2021-33033

A flaw use-after-free in the Linux kernel CIPSO network packet labeling protocol functionality was found in the way user open local network connection with the usage of the security labeling that is IP option number 134. A local user could use this flaw to crash the system or possibly escalate...