glvd logo
glvd logo
Garden Linux Vulnerability Database
CVE Description

"A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation."

Metadata

Vulnerability Status Published Date Modified Date Ingested Date
Awaiting Analysis 2026-04-09T16:16:31.987 2026-04-13T15:02:47.353 2026-04-13 15:02:47.353+00

CVSS Scores

CVSS Version Base Score DEB CVSS Severity Vector String
3.1 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Linux Images

Distro Version Source Package Package Version Is Vulnerable Is fixed in Version
gardenlinux kvm-cilium-k3s-1435.0-4a8f67f4 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-gardener-1435.0-4a8f67f4 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cg2epc-gardener-1435.0-4a8f67f4 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-vhost-1435.0-4a8f67f4 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-1435.0-4a8f67f4 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cilium-k3s-1461.0-e82c34ca libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-gardener-1461.0-e82c34ca libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cg2epc-gardener-1461.0-e82c34ca libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-vhost-1461.0-e82c34ca libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-1461.0-e82c34ca libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cilium-k3s-1504.0-6aac186b libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-gardener-1504.0-6aac186b libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cg2epc-gardener-1504.0-6aac186b libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-vhost-1504.0-6aac186b libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-1504.0-6aac186b libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cilium-k3s-1510.0-0eb2d8b0 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-gardener-1510.0-0eb2d8b0 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cg2epc-gardener-1510.0-0eb2d8b0 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-vhost-1510.0-0eb2d8b0 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-1510.0-0eb2d8b0 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cilium-k3s-1569.0-5a8afbfa libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-gardener-1569.0-5a8afbfa libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cg2epc-gardener-1569.0-5a8afbfa libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-vhost-1569.0-5a8afbfa libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-1569.0-5a8afbfa libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cilium-k3s-1605.0-490ed850 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-gardener-1605.0-490ed850 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-vhost-1605.0-490ed850 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-1605.0-490ed850 libcap2 1:2.66-5 true 1:2.78-1
gardenlinux kvm-cilium-k3s-1721.0-9802b525 libcap2 1:2.66-5+b1 true 1:2.78-1
gardenlinux kvm-gardener-1721.0-9802b525 libcap2 1:2.66-5+b1 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-ucode-vhost-1721.0-9802b525 libcap2 1:2.66-5+b1 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-ucode-1721.0-9802b525 libcap2 1:2.66-5+b1 true 1:2.78-1
debian_linux 13 libcap2 1:2.75-10 true 1:2.78-1
debian_linux 12 libcap2 1:2.66-4+deb12u2 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-router-ucode-1721.0-9802b525 libcap2 1:2.66-5+b1 true 1:2.78-1
gardenlinux kvm-cilium-k3s-1862.0-6be879c6 libcap2 1:2.75-7gl0 true 1:2.78-1
gardenlinux kvm-gardener-1862.0-6be879c6 libcap2 1:2.75-7gl0 true 1:2.78-1
gardenlinux pt-gardener-nvgpu-1862.0-6be879c6 libcap2 1:2.75-7gl0 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-ucode-vhost-1862.0-6be879c6 libcap2 1:2.75-7gl0 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-ucode-1862.0-6be879c6 libcap2 1:2.75-7gl0 true 1:2.78-1
gardenlinux metal-cilium-k3s-osc-router-ucode-1862.0-6be879c6 libcap2 1:2.75-7gl0 true 1:2.78-1
debian_linux 14 libcap2 1:2.78-1 false 1:2.78-1