7 matches found
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...
GHSA-FJV8-J4P5-CR9M Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...
CVE-2026-31410
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...
CVE-2026-31410
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...
GO-2026-4816 NFS CSI driver for Kubernetes is Vulnerable to Path Traversal through Volume Identifier Parameter in github.com/kubernetes-csi/csi-driver-nfs
NFS CSI driver for Kubernetes is Vulnerable to Path Traversal through Volume Identifier Parameter in github.com/kubernetes-csi/csi-driver-nfs...
CVE-2023-53265
In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x85/0xad lib/dumpstack.c:106 printaddressdescription mm/kasan/report.c:317 inline printreport.cold.13+0xb6/0x6bb...
CVE-2024-26736 afs: Increase buffer size in afs_update_volume_status()
In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afsupdatevolumestatus The max length of volume-vid value is 20 characters. So increase idbuf size up to 24 to avoid overflow. Found by Linux Verification Center linuxtesting.org with SVACE. DH:...