diff --git a/website/_data/cve-track-record.yml b/website/_data/cve-track-record.yml index 2fbe89e693..94357c77a0 100644 --- a/website/_data/cve-track-record.yml +++ b/website/_data/cve-track-record.yml @@ -87,32 +87,32 @@ cves: cvss: 7.8 exploitable_under_gvisor: false - date: "2022-06" - description: "Improper Update of Reference Count vulnerability in `net/sched` of Linux Kernel allows local attacker to cause privilege escalation to root." + description: "Integer Overflow or Wraparound vulnerability in `io_uring` of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2022-29581" + cve: "CVE-2022-1116" cvss: 7.8 exploitable_under_gvisor: false - date: "2022-06" - description: "In the Linux kernel, `fs/io_uring.c` has a use-after-free due to a race condition in `io_uring` timeouts." + description: "A use-after-free flaw was found in the Linux kernel’s `io_uring` subsystem in the way a user sets up a ring with `IORING_SETUP_IOPOLL` with more than one task completing submissions on this ring." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2022-29582" - cvss: 7.0 + cve: "CVE-2022-1786" + cvss: 7.8 exploitable_under_gvisor: false - date: "2022-06" - description: "Integer Overflow or Wraparound vulnerability in `io_uring` of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root." + description: "Improper Update of Reference Count vulnerability in `net/sched` of Linux Kernel allows local attacker to cause privilege escalation to root." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2022-1116" + cve: "CVE-2022-29581" cvss: 7.8 exploitable_under_gvisor: false - date: "2022-06" - description: "A use-after-free flaw was found in the Linux kernel’s `io_uring` subsystem in the way a user sets up a ring with `IORING_SETUP_IOPOLL` with more than one task completing submissions on this ring." + description: "In the Linux kernel, `fs/io_uring.c` has a use-after-free due to a race condition in `io_uring` timeouts." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2022-1786" - cvss: 7.8 + cve: "CVE-2022-29582" + cvss: 7.0 exploitable_under_gvisor: false - date: "2022-06" description: "A speculative execution vulnerability (Retbleed) in modern microprocessors allows unprivileged attackers to leak kernel memory." @@ -132,17 +132,17 @@ cves: cvss: 7.8 exploitable_under_gvisor: false - date: "2022-09" - description: "There exists a use-after-free in `io_uring` in the Linux kernel." + description: "In `io_identity_cow` of `io_uring.c`, there is a possible way to corrupt memory due to a use after free." risk: "Pod-to-guest escalation with root privs" scope: "All Linux VMs" - cve: "CVE-2022-3176" + cve: "CVE-2022-20409" cvss: 7.8 exploitable_under_gvisor: false - date: "2022-09" - description: "In `io_identity_cow` of `io_uring.c`, there is a possible way to corrupt memory due to a use after free." + description: "There exists a use-after-free in `io_uring` in the Linux kernel." risk: "Pod-to-guest escalation with root privs" scope: "All Linux VMs" - cve: "CVE-2022-20409" + cve: "CVE-2022-3176" cvss: 7.8 exploitable_under_gvisor: false - date: "2022-10" @@ -188,17 +188,24 @@ cves: cvss: 8.1 exploitable_under_gvisor: false - date: "2023-10" - description: "A use-after-free vulnerability in the Linux kernel's `net/sched`: `cls_u32` component can be exploited to achieve local privilege escalation." + description: "A use-after-free vulnerability in the Linux kernel's `netfilter`: `nf_tables` component can be exploited to achieve local privilege escalation." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2023-4208" + cve: "CVE-2023-4015" cvss: 7.8 exploitable_under_gvisor: false - date: "2023-10" - description: "A use-after-free vulnerability in the Linux kernel's `netfilter`: `nf_tables` component can be exploited to achieve local privilege escalation." + description: "A use-after-free flaw was found in the Linux kernel’s `Netfilter` functionality when adding a rule with `NFTA_RULE_CHAIN_ID`." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2023-4015" + cve: "CVE-2023-4147" + cvss: 7.8 + exploitable_under_gvisor: false + - date: "2023-10" + description: "A use-after-free vulnerability in the Linux kernel's `net/sched`: `cls_route` component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4206" cvss: 7.8 exploitable_under_gvisor: false - date: "2023-10" @@ -209,10 +216,10 @@ cves: cvss: 7.8 exploitable_under_gvisor: false - date: "2023-10" - description: "A use-after-free vulnerability in the Linux kernel's `net/sched`: `sch_hfsc` (HFSC `qdisc` traffic control) component can be exploited to achieve local privilege escalation." + description: "A use-after-free vulnerability in the Linux kernel's `net/sched`: `cls_u32` component can be exploited to achieve local privilege escalation." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2023-4623" + cve: "CVE-2023-4208" cvss: 7.8 exploitable_under_gvisor: false - date: "2023-10" @@ -223,10 +230,10 @@ cves: cvss: 7.8 exploitable_under_gvisor: false - date: "2023-10" - description: "A use-after-free vulnerability in the Linux kernel's `net/sched`: `cls_route` component can be exploited to achieve local privilege escalation." + description: "A use-after-free vulnerability in the Linux kernel's `net/sched`: `sch_hfsc` (HFSC `qdisc` traffic control) component can be exploited to achieve local privilege escalation." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2023-4206" + cve: "CVE-2023-4623" cvss: 7.8 exploitable_under_gvisor: false - date: "2023-10" @@ -236,13 +243,6 @@ cves: cve: "CVE-2023-4921" cvss: 7.8 exploitable_under_gvisor: false - - date: "2023-10" - description: "A use-after-free flaw was found in the Linux kernel’s `Netfilter` functionality when adding a rule with `NFTA_RULE_CHAIN_ID`." - risk: "Pod-to-guest escalation" - scope: "All Linux VMs" - cve: "CVE-2023-4147" - cvss: 7.8 - exploitable_under_gvisor: false - date: "2023-12" description: "A use-after-free vulnerability in the Linux kernel's `netfilter`: `nf_tables` component can be exploited to achieve local privilege escalation." risk: "Pod-to-guest escalation" @@ -265,46 +265,46 @@ cves: cvss: 8.2 exploitable_under_gvisor: false - date: "2024-02" - description: "A use-after-free flaw was found in the `netfilter` subsystem of the Linux kernel." + description: "Privilege escalation due to use-after-free in kernel TLS" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2024-0193" + cve: "CVE-2023-52447" cvss: 7.8 exploitable_under_gvisor: false - date: "2024-02" - description: "Privilege escalation due to use-after-free in kernel TLS" + description: "A use-after-free flaw was found in the `netfilter` subsystem of the Linux kernel." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2024-26583" + cve: "CVE-2024-0193" cvss: 7.8 exploitable_under_gvisor: false - date: "2024-02" - description: "Privilege escalation due to use-after-free in kernel TLS" + description: "Privilege escalation due to use-after-free in `nf_tables`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2024-26584" - cvss: 7.8 + cve: "CVE-2024-26581" + cvss: 7.0 exploitable_under_gvisor: false - date: "2024-02" description: "Privilege escalation due to use-after-free in kernel TLS" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2024-26585" + cve: "CVE-2024-26583" cvss: 7.8 exploitable_under_gvisor: false - date: "2024-02" description: "Privilege escalation due to use-after-free in kernel TLS" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2023-52447" + cve: "CVE-2024-26584" cvss: 7.8 exploitable_under_gvisor: false - date: "2024-02" - description: "Privilege escalation due to use-after-free in `nf_tables`" + description: "Privilege escalation due to use-after-free in kernel TLS" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2024-26581" - cvss: 7.0 + cve: "CVE-2024-26585" + cvss: 7.8 exploitable_under_gvisor: false - date: "2024-03" description: "Privilege escalation due to anonymous set in `nf_tables`" @@ -356,24 +356,24 @@ cves: cvss: 7.8 exploitable_under_gvisor: false - date: "2024-05" - description: "Privilege escalation in `net/packet` / `nf_tables`" + description: "Out-of-bounds access in eBPF verifier" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2024-26925" + cve: "CVE-2022-23222" cvss: 7.8 exploitable_under_gvisor: false - date: "2024-05" - description: "Out-of-bounds access in eBPF verifier" + description: "Privilege escalation due to use-after-free in kernel TLS" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2022-23222" + cve: "CVE-2024-26800" cvss: 7.8 exploitable_under_gvisor: false - date: "2024-05" - description: "Privilege escalation due to use-after-free in kernel TLS" + description: "Privilege escalation in `net/packet` / `nf_tables`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2024-26800" + cve: "CVE-2024-26925" cvss: 7.8 exploitable_under_gvisor: false - date: "2024-06" @@ -408,80 +408,80 @@ cves: cvss: 7.8 exploitable_under_gvisor: false - date: "2025-03" - description: "Linux `qdisc` implementation flaw" + description: "Privilege escalation in `netfilter`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2024-53164" + cve: "CVE-2023-52927" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-03" - description: "`Vsock` privilege escalation" + description: "Linux `qdisc` implementation flaw" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-21756" + cve: "CVE-2024-53164" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-03" - description: "Privilege escalation in `netfilter`" + description: "`Vsock` privilege escalation" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2023-52927" + cve: "CVE-2025-21756" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-04" description: "Local privilege escalation in `qdisc`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-21703" + cve: "CVE-2025-21700" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-04" description: "Local privilege escalation in `qdisc`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-21700" + cve: "CVE-2025-21703" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-05" - description: "`io_uring` ring mapped supplied buffers vulnerability" + description: "`ctstate` `RELATED` `iptables` rule flaw" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-40364" + cve: "CVE-2023-52927" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-05" - description: "Local privilege escalation in `qdisc`" + description: "Operations on net devices during unregister" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-37798" + cve: "CVE-2025-21701" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-05" description: "Local privilege escalation in `qdisc`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-37797" + cve: "CVE-2025-37752" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-05" description: "Local privilege escalation in `qdisc`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-37752" + cve: "CVE-2025-37797" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-05" - description: "`ctstate` `RELATED` `iptables` rule flaw" + description: "Local privilege escalation in `qdisc`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2023-52927" + cve: "CVE-2025-37798" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-05" - description: "Operations on net devices during unregister" + description: "`io_uring` ring mapped supplied buffers vulnerability" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-21701" + cve: "CVE-2025-40364" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-06" @@ -527,24 +527,24 @@ cves: cvss: 7.8 exploitable_under_gvisor: false - date: "2025-08" - description: "Use-after-free in `net/packet`" + description: "Data corruption in Kernel TLS" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-38617" + cve: "CVE-2025-38616" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-08" - description: "Use-after-free in `vsock`" + description: "Use-after-free in `net/packet`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-38618" + cve: "CVE-2025-38617" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-08" - description: "Data corruption in Kernel TLS" + description: "Use-after-free in `vsock`" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2025-38616" + cve: "CVE-2025-38618" cvss: 7.8 exploitable_under_gvisor: false - date: "2025-10" @@ -624,13 +624,6 @@ cves: cve: "CVE-2026-23209" cvss: 7.8 exploitable_under_gvisor: false - - date: "2026-03" - description: "Use-after-free in `nf_tables`" - risk: "Pod-to-guest escalation" - scope: "All Linux VMs" - cve: "CVE-2026-23231" - cvss: 7.8 - exploitable_under_gvisor: false - date: "2026-03" description: "Local privilege escalation in AppArmor" risk: "Pod-to-guest escalation" @@ -649,10 +642,10 @@ cves: mitigation_gap: "" vm_prevented: true - date: "2026-03" - description: "Local privilege escalation in `snap-confine` and `systemd-tmpfiles`" + description: "Use-after-free in `nf_tables`" risk: "Pod-to-guest escalation" - scope: "Ubuntu VMs" - cve: "CVE-2026-3888" + scope: "All Linux VMs" + cve: "CVE-2026-23231" cvss: 7.8 exploitable_under_gvisor: false - date: "2026-03" @@ -676,6 +669,13 @@ cves: cve: "CVE-2026-23394" cvss: 7.8 exploitable_under_gvisor: false + - date: "2026-03" + description: "Local privilege escalation in `snap-confine` and `systemd-tmpfiles`" + risk: "Pod-to-guest escalation" + scope: "Ubuntu VMs" + cve: "CVE-2026-3888" + cvss: 7.8 + exploitable_under_gvisor: false - date: "2026-04" description: "Use-after-free via race condition" risk: "Denial of Service" @@ -690,6 +690,13 @@ cves: cve: "CVE-2026-23392" cvss: 7.8 exploitable_under_gvisor: false + - date: "2026-04" + description: "Data structure mishandling in `ipset`" + risk: "Network policy bypass" + scope: "All Linux VMs" + cve: "CVE-2026-31418" + cvss: 7.5 + exploitable_under_gvisor: false - date: "2026-04" description: "Use-after-free in IPv6 stack" risk: "Pod-to-guest escalation" @@ -698,11 +705,11 @@ cves: cvss: 7.8 exploitable_under_gvisor: false - date: "2026-04" - description: "Data structure mishandling in `ipset`" - risk: "Network policy bypass" + description: "Chained attack in `AF_ALG` + `splice` syscall" + risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2026-31418" - cvss: 7.5 + cve: "CVE-2026-31431" + cvss: 7.8 exploitable_under_gvisor: false - date: "2026-04" description: "Use-after-free in `packet_release` via `NETDEV_UP` race" @@ -718,18 +725,18 @@ cves: cve: "CVE-2026-31533" cvss: 7.5 exploitable_under_gvisor: false - - date: "2026-04" - description: "Chained attack in `AF_ALG` + `splice` syscall" + - date: "2026-05" + description: "Linux bonding device vulnerability leading to container escape" risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "CVE-2026-31431" + cve: "" cvss: 7.8 exploitable_under_gvisor: false - date: "2026-05" - description: "Linux bonding device vulnerability leading to container escape" + description: "Improper handling of shared socket buffer (skb) fragments during Encapsulating Security Payload (ESP) decryption in the xfrm subsystem in the Linux kernel allows a local user to write to read-only page-cache pages, potentially leading to local privilege escalation." risk: "Pod-to-guest escalation" scope: "All Linux VMs" - cve: "" + cve: "CVE-2026-43284" cvss: 7.8 exploitable_under_gvisor: false - date: "2026-06"