269 matches found
PYSEC-2026-365 TigerVNC accessible via the network and not just via a UNIX socket as intended
Summary jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having...
CVE-2026-53034
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF and sockmap components, specifically within the afunix socket operations. A race condition occurs during the connection process where a socket's state is updated before its peer is fully assigned. This timing issue can lead to a...
Linux Distros Unpatched Vulnerability : CVE-2026-53035
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf, sockmap: Fix afunix iter deadlock bpfiterunixseqshow may deadlock when locksockfast takes the fast path and the iter prog attempts to update a sockmap...
EUVD-2026-38901
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...
Astra Linux – Vulnerability in WebKit2GTK
In BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit, prior to version 2.34.1, there was a limited bypass of the sandbox mechanism. This allowed a sandboxed process to trick host processes into believing that the sandboxed process was not confined by the sandbox. This was achieved by exploiting...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: afunix: fix use-after-free in unixstreamreadactor syzbot reported the following crash 1 After releasing unix socket lock, u-oobskb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: afunix: Fixed data races related to sk-skshutdown. KCSAN identified a data race involving sk-skshutdown, where functions like unixreleasesock and unixshutdown update the variable under unixstatelock; additionally, unixpoll and...
Astra Linux – Vulnerability in Memcached
In memcached 1.5.16, when UNIX sockets are used, there is a stack-based buffer over-read issue in the conntostr function in memcached.c...
Astra Linux – Vulnerability in Flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak applications that had direct access to AFUNIX sockets—such as those used by Wayland, Pipewire, or pipewire-pulse—could trick portals and other host-...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. Upon startup, Redis begins listening on Unix sockets before adjusting its permissions according to the user-provided configuration. If a permissive umask value is used, this can create a race condition that allows another process to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, do not write to the msggetinq field in the callee. This issue involves fixing the problem of NULL pointer dereferencing. msggetinq is an input field from the caller to the callee. Do not set it in the callee...
Astra Linux – Vulnerability in multipath-tools
In versions of multipath-tools from 0.7.0 to 0.9.x, up to 0.9.2, local users could obtain root access, either alone or in conjunction with CVE-2022-41973. Local users who had access to write to UNIX domain sockets could bypass access controls and manipulate the multipath setup. This could result ...
PT-2026-47581
netty unix socket recvFd sets msg control to char controlCMSG SPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCM RIGHTS cmsg carrying two ints has cmsg len = CMSG LEN8 = 24, which fits exactly with no MSG CTRUNC, so the kernel installs both fds in the receiving process. The...
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
EUVD-2026-32314
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...
CVE-2026-45848
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...
CVE-2026-45848 apparmor: fix NULL sock in aa_sock_file_perm
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...
CVE-2026-45848
The CVE-2026-45848 issue affects the Linux kernel AppArmor component, where NULL sock or sock-sk can occur during socket setup/teardown, potentially causing a NULL pointer dereference and a kernel oops (DoS) for af_unix sockets. Root cause is dereferencing NULL during socket operations; impact is...
PT-2026-43715
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the AppArmor module. Specifically, the aa sock file perm function does not properly handle cases where sock and sock-sk can be NULL during socket set...
CVE-2026-7374
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...