Recent content by ProxmoxSecurityAdvisory

  1. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00025-1: Several vulnerabilities found in the Linux kernel
    Advisory date: 2026-06-01
    Packages: proxmox-kernel-*
    Details: Several vulnerabilities affecting the apparmor and network generic receive offload code in the Linux kernel were found, allowing denial of service or...
  2. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00024-1: "CIFSwitch" local privilege escalation
    Advisory date: 2026-05-29
    Packages: proxmox-kernel-*
    Details: Missing validation of the cifs.spnego key object in the Linux kernel could be exploited by a local, unprivileged attacker to obtain root privileges. Mitigations...
  3. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00022-2: "pintheft" local privilege escalation
    Advisory date: 2026-05-29
    Packages: proxmox-kernel-*
    Details: A double-free bug in the RDS network handling code of the Linux kernel was discovered, which could be combined with an IO_URING page cache overwrite to achieve local...
  4. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00023-1: LXC config injection / local privilege escalation via env property
    Advisory date: 2026-05-21
    Packages: pve-container since 6.0.19
    Details: Incomplete validation of the env property value in the pve-container LXC config handling code allowed injection of arbitrary...
  5. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00022-1: "pintheft" local privilege escalation
    Advisory date: 2026-05-19
    Packages: proxmox-kernel-*
    Details: A double-free bug in the RDS network handling code of the Linux kernel was discovered, which could be combined with an IO_URING page cache overwrite to achieve local...
  6. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00021-1: "ssh-keysign-pwn" file disclosure via setuid binaries
    Advisory date: 2026-05-18
    Packages: proxmox-kernel-*
    Details: A flaw in the Linux kernel was discovered that allowed a local, unprivileged user to exploit a race during the process exit of a setuid binary...
  7. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00020-1: "Fragnesia" local privilege escalation
    Advisory date: 2026-05-18
    Packages: proxmox-kernel-*
    Details: Incomplete tracking of whether a network packet (fragment) is externally backed (for example by user-/attacker-provided pages from the page cache) could be...
  8. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00019-2: "DirtyFrag" Local Privilege Escalation
    Advisory date: 2026-05-08
    Packages: proxmox-kernel-*
    Details: Two vulnerabilities in the Linux kernel were discovered, which when combined, allow an unprivileged local user to obtain root privileges.
    Mitigation: See...
  9. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00019-1: "DirtyFrag" Local Privilege Escalation
    Advisory date: 2026-05-08
    Packages: proxmox-kernel-*
    Details: Two vulnerabilities in the Linux kernel were discovered, which when combined, allow an unprivileged local user to obtain root privileges.
    Mitigation: Until fixed...
  10. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00018-1: "copy.fail" local privilege escalation via AF_ALG socket
    Advisory date: 2026-04-30
    Packages: proxmox-kernel-6.8, proxmox-kernel-6.14, proxmox-kernel-6.17
    Details: An issue published under the name "copy.fail" was found in the Linux kernel's handling of AF_ALG...
  11. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00017-1: Missing redaction of cloudinit cipassword in cloudinit/dump endpoint
    Advisory date: 2026-04-24
    Packages: qemu-server
    Details: The endpoint used for provisioning cloud-init configuration correctly masks the cipassword field when returning the configuration. The...
  12. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00016-1: Stored XSS in VM notes field
    Advisory date: 2026-04-24
    Packages: pve-manager, proxmox-yew-comp, proxmox-datacenter-manager-ui
    Details: Missing sanitization of the <base> HTML tag when encoding the VM notes field could be exploited to execute arbitrary JS code in the...
  13. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00015-1: Missing HA permission checks when auto-adding guest on create/restore
    Advisory date: 2026-04-24
    Packages: qemu-server >= 9.0.24, pve-container >= 6.0.14 (PVE 9.x)
    Details: When creating or restoring a VM or container, it was possible to automatically add the...
  14. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00014-1: Multiple VNC related issues
    Advisory date: 2026-04-24
    Packages: qemu-server, pve-manager, pve-container
    Details: A race condition between the vncproxy and vncwebsocket API calls allowed an attacker with privileges to call "vncproxy" to hijack a VNC session that is...
  15. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2026-00013-1: OVA import XML XXE file disclosure and server-side request forgery
    Advisory date: 2026-04-24
    Packages: pve-storage
    Details: If a storage with 'import' content type was available as upload/download target, a malicious archive could be used to leak arbitrary file...