GHSA-PHQM-JGC3-QF8G Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

kube-router Proxy Module Does Not Validate ExternalIPs or LoadBalancer IPs Against Configured Ranges Summary This issue primarily affects multi-tenant clusters where untrusted users are granted namespace-scoped permissions to create or modify Services. Single-tenant clusters or clusters where all...

Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...

CVE-2014-4171

mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service imutex hold by using the mmap system call to access a hole, as demonstrated by interfering with intended...