113 matches found
kernel: selinux,smack: don't bypass permissions check in inode_setsecctx hook
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inodesetsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...
AZL-49338 CVE-2024-46695 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inodesetsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...
The vulnerability of the `dht_setxattr_mds_cbk` function in the `xlators/cluster/dht/src/dht-common.c` file of the GlusterFS file system, related to the use of memory after it is freed, allows a attacker to cause a service failure.
The vulnerability of the dhtsetxattrmdscbk function in the xlators/cluster/dht/src/dht-common.c file of the GlusterFS file system is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the __f2fs_setxattr() function in the fs/f2fs/xattr.c file of the Linux file system’s f2fs kernel module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the f2fs file system in Linux operating systems is related to the use of an uninitialized buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
OESA-2024-1268 glusterfs security update
GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over TCP/IP interconnect into one large parallel network filesystem. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility. It borrows a...
OESA-2024-1269 glusterfs security update
GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over TCP/IP interconnect into one large parallel network filesystem. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility. It borrows a...
OESA-2024-1265 glusterfs security update
GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over TCP/IP interconnect into one large parallel network filesystem. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility. It borrows a...
OESA-2024-1267 glusterfs security update
GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over TCP/IP interconnect into one large parallel network filesystem. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility. It borrows a...
SUSE CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovlcopyupmetainodedata skip permission checks when calling ovldosetxattr on Ubuntu kernels...
CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovlcopyupmetainodedata skip permission checks when calling ovldosetxattr on Ubuntu kernels...
CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovlcopyupmetainodedata skip permission checks when calling ovldosetxattr on Ubuntu kernels...
Canonical Ubuntu 安全漏洞
Canonical Ubuntu is a GNU/Linux operating system for desktop applications from Canonical, a British company. A security vulnerability exists in Canonical Ubuntu that stems from Overlayfs ovlcopyupmetainodedata skipping privilege checking when ovldosetxattr is called on the Ubuntu kernel...
PT-2025-53202
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.0-rc1+ 4 Description The Linux kernel contains a flaw within the ntfs3 file system related to handling extended attributes. Specifically, the ntfs read ea function does not properly return an error code for...
PT-2023-4062
Name of the Vulnerable Software and Affected Versions Ubuntu kernels affected versions not specified Description The issue is related to a local privilege escalation vulnerability in Ubuntu kernels, specifically in the overlayfs ovl copy up meta inode data function, which skips permission checks...
UBUNTU-CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovlcopyupmetainodedata skip permission checks when calling ovldosetxattr on Ubuntu kernels...
SUSE CVE-2022-48340
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dhtsetxattrmdscbk use-after-free...
UBUNTU-CVE-2022-48340
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dhtsetxattrmdscbk use-after-free...
SUSE CVE-2016-7097
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...
SUSE CVE-2017-5551
The simplesetacl function in fs/posixacl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOT...
SUSE CVE-2018-12233
In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to creat...