Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

runc container escape via file descriptor overwrite (CVE-2019-5736)

CVE-2019-5736 let malicious containers overwrite the host runc binary and gain root — here's the mechanism, affected versions, and how to remediate it.

Jan 9, 20267 min read
Vulnerability Analysis

Linux cgroups release_agent container escape (CVE-2022-0492)

CVE-2022-0492 lets containers with CAP_SYS_ADMIN escape via cgroup v1's release_agent. Impact, timeline, and concrete remediation steps inside.

Jan 9, 20267 min read
Vulnerability Analysis

containerd-shim abstract Unix socket container escape (CVE-2020-15257)

CVE-2020-15257 let containers sharing a host network namespace abuse containerd-shim's abstract socket API. Here's the impact, fix, and remediation path.

Jan 9, 20267 min read
Vulnerability Analysis

Windows MSHTML Spoofing CVE-2024-43573 Explained

CVE-2024-43573 is a zero-day MSHTML spoofing flaw patched by Microsoft in October 2024. Here is the chain, detection, and why MSHTML keeps biting.

Jan 9, 20267 min read
Vulnerability Analysis

Kubernetes validating admission webhook bypass (CVE-2021-25735)

CVE-2021-25735 let attackers bypass Kubernetes validating admission webhooks on Node objects via a kube-apiserver flaw. Here's the fix and detection path.

Jan 8, 20267 min read
Vulnerability Analysis

Kubernetes kubelet symlink volume mount escape (CVE-2021-25741)

CVE-2021-25741 lets attackers escape subPath volume mounts in Kubernetes kubelet via a symlink race, exposing host files and enabling privilege escalation.

Jan 8, 20267 min read
Vulnerability Analysis

containerd CRI plugin mount escape (CVE-2022-23648)

CVE-2022-23648 let crafted pod volume specs bypass containerd's CRI mount isolation to reach arbitrary host files — versions, severity, and fixes.

Jan 8, 20266 min read
Vulnerability Analysis

Linux AF_PACKET privilege escalation (CVE-2020-14386)

CVE-2020-14386 lets a local attacker with CAP_NET_RAW corrupt Linux kernel heap memory via AF_PACKET and escalate privileges. Here's the fix and impact.

Jan 8, 20268 min read
Vulnerability Analysis

sudo -e/sudoedit privilege escalation bypass (CVE-2019-14287)

CVE-2019-14287 let sudo users bypass "run as any user except root" rules via `sudo -u#-1`, gaining full root. Here's how it worked and how to fix it.

Jan 7, 20268 min read
Vulnerability Analysis

PwnKit polkit pkexec local privilege escalation (CVE-2021-4034)

PwnKit (CVE-2021-4034) is a 12-year-old polkit pkexec flaw giving any local user instant root on most Linux distros. Here's the full breakdown and fix.

Jan 7, 20267 min read
Vulnerability Analysis

zlib heap buffer overflow via crafted input (CVE-2022-37434)

CVE-2022-37434: a heap buffer overflow in zlib's gzip header parsing. Affected versions, CVSS/EPSS/KEV context, timeline, and how to remediate it.

Jan 7, 20268 min read
Vulnerability Analysis

libwebp animated WebP overflow (CVE-2023-5129)

CVE-2023-5129 exposed a critical libwebp heap overflow, then got rejected as a duplicate of CVE-2023-4863 — leaving two CVE trails for one flaw.

Jan 7, 20268 min read
Vulnerability Analysis (Page 19) — Supply Chain Security Blog | Safeguard