Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs

Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...

CLSA-2026-1779375889 kernel: Fix of 95 CVEs

perf/x86/intel/uncore: Fix die ID init and look up bugs CVE-2026-43344 - x86/apic: Disable x2apic on resume if the kernel expects so CVE-2026-43363 - drm/amdgpu: Fix use-after-free race in VM acquire CVE-2026-43370 - dm: remove fake timeout to avoid leak request CVE-2026-43314 - md/bitmap: fix...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: virtiofs: added a check for the filesystem context source name In certain scenarios, for example during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an additional check for the source...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fsdax: Fixed an infinite loop in daxiomaprw. I encountered an infinite loop and a warning message when executing the tail command in virtiofs. The warning message reads: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomapiter+0x3a2/0x3d...

RUSTSEC-2026-0147 Read-only volume remount bypass via guest CAP_SYS_ADMIN

Affected versions of boxlite mount host directories shared via virtiofs as guest-side read-only by setting MSRDONLY from the guest. Because the default guest capability set included CAPSYSADMIN, untrusted code running inside a sandbox could execute mount -o remount,rw to re-flag the share as...

Read-only volume remount bypass via guest CAP_SYS_ADMIN

Affected versions of boxlite mount host directories shared via virtiofs as guest-side read-only by setting MSRDONLY from the guest. Because the default guest capability set included CAPSYSADMIN, untrusted code running inside a sandbox could execute mount -o remount,rw to re-flag the share as...

PT-2026-42209

Name of the Vulnerable Software and Affected Versions Boxlite versions prior to 0.9.0 Description Boxlite is a sandbox service that allows users to create lightweight virtual machines and launch OCI containers to run untrusted code. The software fails to properly enforce read-only mounts for host...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtiofsprobe When accidentally passing twice the same tag to qemu, kmemleak ended up reporting a memory leak in virtiofs. Also, looking at the log I saw the following error that's when I realised the...

ROS-20260126-73-0053

A vulnerability in the virtiofs component of the Linux operating system kernel is related to improper validation of a function's return value. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37773)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37773 advisory. - In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source...

EUVD-2025-13040

Malicious code in bioql PyPI...

EUVD-2024-51891

Malicious code in bioql PyPI...

virtiofs: use pages instead of pointer for kernel direct IO

...

Linux Distros Unpatched Vulnerability : CVE-2025-37773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a...

Linux Distros Unpatched Vulnerability : CVE-2021-46956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtiofsprobe When accidentally passing twice the same tag to...

virtiofs: add filesystem context source name check

...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-079)

The version of kernel installed on the remote host is prior to 5.15.182-123.190. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-079 advisory. In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between...

SUSE CVE-2025-37773

In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be...

DEBIAN-CVE-2025-37773

In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be...

UBUNTU-CVE-2025-37773

In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be...