27 matches found
CVE-2026-6437 AWS EFS CSI Driver Mount Option Injection
Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...
PT-2026-6543
Name of the Vulnerable Software and Affected Versions: rancher.io/local-path-provisioner versions prior to 0.0.34. Description: A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986998)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986998 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed. There is a use-after-free...
EUVD-2024-3181
Malicious code in bioql PyPI...
CVE-2022-49388 ubi: ubi_create_volume: Fix use-after-free when volume creation failed
In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed. There is a use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping:...
CVE-2022-49388
In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed. There is a use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping:...
CVE-2022-49388
CVE-2022-49388 affects the Linux kernel ubi_create_volume() in the UBI subsystem. The issue is a use-after-free involving 'eba_tbl' in the error handling path: ubi_eba_replace_table(vol, eba_tbl) assigns vol->eba_tbl = tbl, then on error the code path leads to ubi_eba_destroy_table(eba_tb...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ubi_create_volume function not handling eba_tbl correctly in the event of a volume creation failure,...
AZL-54895 CVE-2024-56755 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING. In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a...
Incorrect Authorization
github.com/hashicorp/nomad is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient validation of CSI volume writes, which allows unauthorized access to create volumes across namespaces...
Hashicorp Nomad Incorrect Authorization vulnerability
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad...
UBUNTU-CVE-2024-10975
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad...
CVE-2024-10975 Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad...
Exploit for CVE-2022-32832
CVE-2022-32832 Proof-of-concept and write-up for the CVE...
GSD-2022-1003967 ubi: ubi_create_volume: Fix use-after-free when volume creation failed
ubi: ubi_create_volume: Fix use-after-free when volume creation failed. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.283 by commit...
GSD-2022-1003860 ubi: ubi_create_volume: Fix use-after-free when volume creation failed
ubi: ubi_create_volume: Fix use-after-free when volume creation failed. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.247 by commit...
GSD-2022-1003536 ubi: ubi_create_volume: Fix use-after-free when volume creation failed
ubi: ubi_create_volume: Fix use-after-free when volume creation failed. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.122 by commit...