4 matches found
CVE-2026-53075 ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
The Qualys Threat Research Unit TRU recently disclosed three security bypasses in Ubuntu's unprivileged user namespace restrictions. Qualys responsibly disclosed these vulnerabilities to the Ubuntu Security Team on January 15, 2025, and has been working with Ubuntu since then. Qualys TRU uncovere...
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges a different vulnerability than CVE-2022-32250. (The attacker can obtain root access but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
...
Type confusion
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an...