UBUNTU-CVE-2024-26865

In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker warning 1. syzkaller could not find a repro, but in the log, the only...

SUSE CVE-2024-26640

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to canmapfrag these additional checks: - Page must not be a compound one....

kernel: use after free in nvmet_tcp_free_crypto in NVMe

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead t...

The vulnerability of the `nvmet_tcp_build_pdu_iovec()` function in the `drivers/nvme/target/tcp.c` file of the Linux NVMe kernel driver allows a attacker to cause a service failure.

The vulnerability of the nvmettcpbuildpduiovec function in the drivers/nvme/target/tcp.c file of the Linux NVMe kernel driver is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

UBUNTU-CVE-2021-47010

In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcpsetdefaultcongestioncontrol is netns-safe in that it writes to &net-ipv4.tcpcongestioncontrol, but it also sets ca-flags |= TCPCONGNONRESTRICTED which is...

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

kernel: NULL pointer dereference in nvmet_tcp_execute_request

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

kernel: NULL pointer dereference in __nvmet_req_complete

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

gRPC: file descriptor exhaustion leads to denial of service

A flaw was found in gRPC. Lack of error handling in the TCP server in Google's gRPC, starting in version 1.23 on POSIX-compatible platforms for example, Linux, allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++,...

PT-2024-2660 · Siemens · Siplus Net Cp 343-1 Lean +3

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 343-1 versions All SIMATIC CP 343-1 Lean versions All SIPLUS NET CP 343-1 versions All SIPLUS NET CP 343-1 Lean versions All Description: A vulnerability has been identified in the affected products, which incorrectly validate TCP...

DEBIAN-CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service...

UBUNTU-CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service...

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

kernel: NULL pointer dereference in __nvmet_req_complete

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

Westermo Lynx 206-F2G Security Vulnerability

The Westermo Lynx 206-F2G is a Layer 3 industrial Ethernet switch from Westermo, Sweden, powered by the Westermo WeOS network operating system. A security vulnerability exists in the Westermo Lynx 206-F2G. An attacker could use this vulnerability to obtain sensitive information exchanged over TCP...

The vulnerability of the TCP Initial Sequence Number Handler component in the Tianocore EDK2 library, which allows a hacker to gain unauthorized access to confidential data

The vulnerability of the TCP Initial Sequence Number Handler component in the Tianocore EDK2 library is related to buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to confidential data...

TCP Resets from Client and Server aka TCP-RST-FROM-Client

Diving into the Enigma of TCP Resets Executed by Client and Server The Base Communication Protocol BCP, understoond as the Transmission Control Protocol TCP" equivalent, plays a key role in the protocol unit of the internet. Its primary task entails laying a groundwork for communication between t...

DEBIAN-CVE-2023-39197

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking conntrack in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol...

The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows attackers to disclose sensitive information.

The vulnerability of the TCP/IP protocol implementation in Windows operating systems is related to deficiencies in the access control mechanism. Exploiting this vulnerability allows a malicious actor to disclose protected information remotely...