8 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003102)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003102 advisory. The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where...
CLSA-2024-1709203226 kernel: Fix of 7 CVEs
KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...
QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
UBUNTU-CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
Unbreakable Enterprise kernel security update
2.6.39-400.302.2 - Revert 'Fix up non-directory creation in SGID directories' Brian Maly Orabug: 28781234 2.6.39-400.302.1 - Fix up non-directory creation in SGID directories Linus Torvalds Orabug: 28459479 CVE-2018-13405 - ALSA: seq: Make ioctls race-free Takashi Iwai Orabug: 28459730...
AUFS (Ubuntu 15.10) Privilege Escalation
Source: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/ Introduction Problem description: Aufs is a union filesystem to mix content of different underlying filesystems, e.g. read-only medium with r/w RAM-fs. That is also allowed in user namespaces when module was...
Ubuntu 14.0415.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation
Ubuntu 14.0415.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation Source: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ Introduction Problem description: Linux user namespace allows to mount file systems as normal user, including the...