Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001826)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001826 advisory. Memory leak in the unshareuserns function in kernel/usernamespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...

Security update for kernel-livepatch-MICRO-6-0_Update_5

This update for kernel-livepatch-MICRO-6-0Update5 fixes the following issues: CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM...

SUSE-SU-2025:20914-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_6

This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 - CVE-2025-38471: kernel: tls: always refresh the queue...

CVE-2025-38247

In the Linux kernel, the following vulnerability has been resolved: userns and mntidmap leak in opentreeattr2 Once wantmountsetattr has returned a positive, it does require finishmountkattr to release -mntuserns. Failing domountsetattr does not change that. As the result, we can end up leaking...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1644)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1445)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container...

Medium: docker

Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...

CVE-2021-21284

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can...

CVE-2021-21284

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can...

CVE-2021-21284

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can...

CVE-2021-21284

CVE-2021-21284 affects Docker’s userns-remap feature. The root user in the remapped namespace can gain privilege escalation to the host’s real root if it has host filesystem access, by modifying files under /var/lib/docker/. Patches were included in Docker releases 20.10.3 and 19.03.15 to prevent...

CVE-2021-21284 privilege escalation in Moby

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can...

openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2020-45)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Security issue fixed : - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory bsc1152308. Bug fixes : - Update to Docker...

SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2020:0035-1)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Security issue fixed : CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory bsc1152308. Bug fixes: Update to Docker 19.03.5-c...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4022)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4022 advisory. - x86: Add another set of MSR accessor functions Borislav Petkov Orabug: 27444923 CVE-2017-5753 - userns: prevent speculative execution Elena...

Ubuntu 15.10 - USERNS Overlayfs Over Fuse Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ Introduction Problem description: On Ubuntu Wily it is possible to place an USERNS overlayfs mount over a fuse mount. The fuse filesystem may contain SUID...

Ubuntu 15.10 - USERNS Overlayfs Over Fuse Privilege Escalation

Ubuntu 15.10 - USERNS Overlayfs Over Fuse Privilege Escalation Source: http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ Introduction Problem description: On Ubuntu Wily it is possible to place an USERNS overlayfs mount over a fuse mount. The fuse filesystem may contain...

Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation

Source: http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ Introduction Problem description: On Ubuntu Wily it is possible to place an USERNS overlayfs mount over a fuse mount. The fuse filesystem may contain SUID binaries, but those cannot be used to gain privileges due t...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-256)

The openSUSE 13.2 kernel was updated to receive security and bugfixes. It also fixes a regression that caused the Chromium sandbox to no longer work bsc965356. Following security bugs were fixed : - CVE-2016-2069: A flaw was discovered in a way the Linux deals with paging structures. When Linux...

PT-2013-4896 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10.6 Description: The issue is related to a memory leak in the unshare userns function, which can be triggered by local users through an invalid CLONE NEWUSER unshare call, leading to a denial of service due t...