Linux : Security Vulnerabilities, CVEs, Published In May 2016 (Gain Privilege)
fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
Max CVSS
6.1
EPSS Score
0.04%
Published
2016-05-02
Updated
2016-08-12
The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-05-02
Updated
2023-01-20
2 vulnerabilities found