Lucene search
+L

41 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-38488

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming...

7.8CVSS7AI score0.00278EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/07/28 11:22 p.m.7 views

SUSE CVE-2025-38488

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

7.8CVSS6.5AI score0.00278EPSS
Exploits0References117
NVD
NVD
added 2025/07/28 12:15 p.m.15 views

CVE-2025-38488

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

7.8CVSS0.00278EPSS
Exploits0References9
OSV
OSV
added 2025/07/28 12:15 p.m.10 views

UBUNTU-CVE-2025-38488

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

7.8CVSS5.8AI score0.00278EPSS
Exploits0References39
Cvelist
Cvelist
added 2025/07/28 11:21 a.m.12 views

CVE-2025-38488 smb: client: fix use-after-free in crypt_message when using async crypto

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

0.00278EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2025/07/28 11:21 a.m.6 views

CVE-2025-38488

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

7.8CVSS6.4AI score0.00278EPSS
Exploits0
CVE
CVE
added 2025/07/28 11:21 a.m.90 views

CVE-2025-38488

CVE-2025-38488 affects the Linux kernel SMB client path (crypt_message) where async crypto could lead to use-after-free when hardware accelerators return -EINPROGRESS. The issue arose after CVE-2024-50047 fixed async handling for all operations but hardware offload could still complete asynchrono...

7.8CVSS7.7AI score0.00278EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2025/07/28 11:21 a.m.4 views

CVE-2025-38488 smb: client: fix use-after-free in crypt_message when using async crypto

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

7.8CVSS6.5AI score0.00278EPSS
Exploits0References12
OSV
OSV
added 2025/07/22 6:14 p.m.5 views

CLSA-2025-1753208069 nodejs: Fix of CVE-2025-23166

CVE-2025-23166: src: fix error handling on async crypto operations...

7.5CVSS7.3AI score0.00763EPSS
Exploits0References1
OSV
OSV
added 2025/06/20 11:4 a.m.2 views

SUSE-SU-2025:02045-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process bsc1243218. - CVE-2025-23167: improper HTTP header block termination in llhttp bsc1243220. - CVE-2025-23165: add missing call to...

7.5CVSS6.9AI score0.00763EPSS
Exploits1References8
SUSE Linux
SUSE Linux
added 2025/06/11 5:41 a.m.1 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.15.1. Security issues fixed: CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations bsc1243218. CVE-2025-23165: memory leak and unbounded memory growth due to...

8.2CVSS7AI score0.00763EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2024/07/15 9:25 p.m.4 views

kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

4.7CVSS6.8AI score0.00177EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/05/20 12:0 a.m.32 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-065)

The version of kernel installed on the remote host is prior to 5.4.275-189.375. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-065 advisory. 2024-05-23: CVE-2024-26923 was added to this advisory. A flaw was found in the smb client in the Linux...

8CVSS6.5AI score0.00561EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2024/04/30 9:57 a.m.4 views

kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

4.7CVSS6.8AI score0.00177EPSS
Exploits0References5
NVD
NVD
added 2024/02/21 3:15 p.m.29 views

CVE-2024-26585

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the work before calling...

4.7CVSS5.8AI score0.0019EPSS
Exploits0References6
NVD
NVD
added 2024/02/21 3:15 p.m.33 views

CVE-2024-26583

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...

4.7CVSS5.8AI score0.00177EPSS
Exploits0References6
Prion
Prion
added 2024/02/21 3:15 p.m.36 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...

7.6AI score0.00177EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/02/21 3:15 p.m.47 views

CVE-2024-26585

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the work before calling...

4.7CVSS6.3AI score0.0019EPSS
Exploits0References25
UbuntuCve
UbuntuCve
added 2024/02/21 3:15 p.m.53 views

CVE-2024-26583

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...

4.7CVSS6.4AI score0.00177EPSS
Exploits0References25
Debian CVE
Debian CVE
added 2024/02/21 2:59 p.m.38 views

CVE-2024-26585

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the work before calling...

4.7CVSS7.4AI score0.0019EPSS
Exploits0
Rows per page
Query Builder