CVE-2025-10657

In a hardened Docker environment, with Enhanced Container Isolation ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ enabled, an administrator can utilize the command restrictions feature...

CVE-2025-10657 Docker Desktop with ECI Fails to Enforce Socket Command Restrictions

In a hardened Docker environment, with Enhanced Container Isolation ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ enabled, an administrator can utilize the command restrictions feature...

CVE-2025-10657

Docker Desktop 4.46.0 with Enhanced Container Isolation (ECI) enabled is affected by a bug where the command restrictions configuration passed to ECI is ignored, allowing any command to execute on the Docker socket. This creates a container-escape risk for containers explicitly permitted to mount...

CVE-2025-10657 Docker Desktop with ECI Fails to Enforce Socket Command Restrictions

In a hardened Docker environment, with Enhanced Container Isolation ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ enabled, an administrator can utilize the command restrictions feature...

SUSE-SU-2025:03381-1 Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024144 fixes several issues. The following security issues were fixed: - CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. - CVE-2025-38181: calipso: Fix null-ptr-deref in calipsoreqset,delattr bsc1246001. - CVE-2025-38498:...

PT-2025-39690

Name of the Vulnerable Software and Affected Versions Docker Desktop version 4.46.0 Description A software bug in Docker Desktop allowed the configuration for restricting commands to be ignored when passed to Enhanced Container Isolation ECI. This granted excessive privileges by permitting...

PT-2025-46598

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s BPF subsystem contains an issue where the expected attach type is not properly enforced for tailcall compatibility. A fuzzer tool discovered an uninitialized pointer...

kernel: udp: Fix memory accounting leak.

A memory overflow vulnerability exists within the Linux kernel's networking subsystem. Specifically, an application can set the SORCVBUF socket option to its maximum value INTMAX, which triggers an integer overflow within the udprmemrelease function during socket closure. The udpdestructcommon...

PT-2025-44111

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to insufficient input validation in the NFC Near Field Communication subsystem. Specifically, the nci init req function had limited validation,...

SUSE SLES15 Security Update : kernel RT (Live Patch 1 for SLE 15 SP6) (SUSE-SU-2025:03341-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03341-1 advisory. This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: - CVE-2024-49860: ACPI: sysfs...

Linux Distros Unpatched Vulnerability : CVE-2025-39873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: xilinxcan: xcanwriteframe: fix use-after-free of transmitted SKB canputechoskb takes ownership of the SKB and it may be freed during or after the call...

SUSE SLES15 Security Update : kernel RT (Live Patch 2 for SLE 15 SP6) (SUSE-SU-2025:03315-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03315-1 advisory. This update for the Linux Kernel 6.4.0-150600108 fixes several issues. The following security issues were fixed: - CVE-2024-49860: ACPI: sysfs...

Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow bsc1245685. CVE-2025-38181: calipso: Fix...

can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB

...

CVE-2025-10772

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robotdevices/robots/lekiwiremote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can onl...

SUSE CVE-2022-50409

In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's skwq in skstreamwaitmemory Fixes the below NULL pointer dereference: ... 14.471200 Call Trace: 14.471562 14.471882 lockacquire+0x245/0x2e0 14.472416 ? removewaitqueue+0x12/0x50 14.473014 ?...

SUSE CVE-2025-39873

In the Linux kernel, the following vulnerability has been resolved: can: xilinxcan: xcanwriteframe: fix use-after-free of transmitted SKB canputechoskb takes ownership of the SKB and it may be freed during or after the call. However, xilinxcan xcanwriteframe keeps using SKB after the call. Fix th...

SUSE-SU-2025:20755-1 Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245401,bsc1245403: + docs: provide example3 for PAM and sshpwauth behavior 27 + fix: Make hotplug socket writable only by root 25 CVE-2024-11584 + fix: Don't attempt to identify non-x86 OpenStack instances LP:...

Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245401,bsc1245403: docs: provide example3 for PAM and sshpwauth behavior 27 fix: Make hotplug socket writable only by root 25 CVE-2024-11584 fix: Don't attempt to identify non-x86 OpenStack instances LP: 2069607...

Security update for kernel-livepatch-MICRO-6-0_Update_3

This update for kernel-livepatch-MICRO-6-0Update3 fixes the following issues: CVE-2025-38177: kernel: schhfsc: make hfscqlennotify idempotent bsc1246356 CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow bsc1245685 CVE-2025-38181: calipso: fix null-ptr-deref in calipsoreqset,delatt...