Bjørn Steinbrink

**Name of the Vulnerable Software and Affected Versions** kernel-patch-vserver versions prior to 1.9.5.5 kernel-patch-vserver versions prior to 2.3 **Description** The issue affects the kernel-patch-vserver package in Debian GNU/Linux, allowing attackers to access files on the host system that are outside of the vserver. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely. **Recommendations** For kernel-patch-vserver versions prior to 1.9.5.5, update to version 1.9.5.5 or later. For kernel-patch-vserver versions prior to 2.3, update to version 2.3 or later. As a temporary workaround, consider restricting access to the util-vserver functionality until a patch is available.