13 matches found
CVE-2026-40197
A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with access to the storage volume feature can exploit a nil-pointer dereference vulnerability during custom volume import operations. By supplying a specially crafted backup archive, the user can caus...
SUSE CVE-2026-40197
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...
CVE-2026-40251
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an...
CVE-2026-40197 Incus nil-pointer dereference in custom volume import allows denial of service
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...
CVE-2026-40197
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...
CVE-2026-40197
Incus CVE-2026-40197 describes a nil-pointer dereference in the custom volume import path. During import, the code iterates over srcBackup.Config.VolumeSnapshots and dereferences each element without validating it, allowing an attacker-controlled null entry in volume_snapshots to crash the daemon...
CVE-2026-40197 Incus nil-pointer dereference in custom volume import allows denial of service
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...
Incus 代码问题漏洞
Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of validation logic in the volume import process. As a result, authenticated users could exploit this vulnerability ...
Incus 输入验证错误漏洞
Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from ineffective boundary checks in the volume import logic, which could allow authenticated users to...
Incus has a Nil-Pointer Dereference via Custom Volume Import
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...
GHSA-R7W7-MMXR-47R9 Incus has a Nil-Pointer Dereference via Custom Volume Import
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...
PT-2026-37103
Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem and t...
PT-2026-37149
Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Authenticated users can cause a denial of service by uploading large amounts of data, which may exhaust the disk space of the Incus server and potentially crash the host system. This occurs because...