CVE-2025-59030

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP...

CVE-2025-40820

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...

CVE-2023-53839

In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp-dccpsmsscache dccpsendmsg reads dp-dccpsmsscache before locking the socket. Same thing in dodccpgetsockopt. Add READONCE/WRITEONCE annotations, and change dccpsendmsg to check again dccpsmsscache aft...

UBUNTU-CVE-2022-50676

In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting lockdep warning at rdstcpresetcallbacks 1, for commit ac3615e7f3cffe2a "RDS: TCP: Reduce code duplication in rdstcpresetcallbacks"...

UBUNTU-CVE-2025-59030

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

kernel: sctp: linearize cloned gso packets in sctp_rcv

A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...

CVE-2025-40820

CVE-2025-40820 describes a vulnerability in Siemens’ IP stack (Interniche TCP/IP) affecting multiple Siemens products. The issue arises from improper enforcement of TCP sequence number validation, permitting an unauthenticated remote attacker to interfere with connection setup in TCP-based servic...

CVE-2025-40331

In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctpdiagdump - sctpforeachendpoint - sctpepdump make sure not to exceed bounds in case the address list has grown between buffer allocatio...

CVE-2025-40331 sctp: Prevent TOCTOU out-of-bounds write

In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctpdiagdump - sctpforeachendpoint - sctpepdump make sure not to exceed bounds in case the address list has grown between buffer allocatio...

UBUNTU-CVE-2023-53781

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...

CVE-2023-53781 smc: Fix use-after-free in tcp_write_timer_handler().

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...

sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto

...

sctp: avoid NULL dereference when chunk data buffer is missing

...

SUSE CVE-2025-40240

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

UBUNTU-CVE-2025-40240

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

CVE-2025-40240

In CVE-2025-40240, the Linux kernel SCTP path had a NULL dereference when chunk data buffer was missing. The fix ensures chunk->skb is not dereferenced unless the chunk head indicates a valid skb, by checking frag_list and reordering the replacement of chunk->skb. The outer if() condition g...

RLSA-2025:22388 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm CVE-2025-38724 kernel: smb: client: fix race with concurrent opens in rename2 CVE-2025-39825 kernel: mm/memory-failure: fix...

kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()

A flaw was found in the TCP subsystem in tcpdisconnect of the Linux kernel.The server-side TCP Fast Open socket was reused as a new client before the TFO socket completes, leading to an information leak...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...