1883 matches found
CVE-2023-53825
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCKDGRAM in kcmsendmsg. syzkaller found a memory leak in kcmsendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcmsendmsg" suppressed it by updating kcmtxmsghead-lastskb if partia...
CVE-2022-50676
In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting lockdep warning at rdstcpresetcallbacks 1, for commit ac3615e7f3cffe2a "RDS: TCP: Reduce code duplication in rdstcpresetcallbacks"...
UBUNTU-CVE-2023-53825
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCKDGRAM in kcmsendmsg. syzkaller found a memory leak in kcmsendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcmsendmsg" suppressed it by updating kcmtxmsghead-lastskb if partia...
CVE-2023-53825
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCKDGRAM in kcmsendmsg. syzkaller found a memory leak in kcmsendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcmsendmsg" suppressed it by updating kcmtxmsghead-lastskb if partia...
CVE-2023-53825 kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCKDGRAM in kcmsendmsg. syzkaller found a memory leak in kcmsendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcmsendmsg" suppressed it by updating kcmtxmsghead-lastskb if partia...
CVE-2023-53825 kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCKDGRAM in kcmsendmsg. syzkaller found a memory leak in kcmsendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcmsendmsg" suppressed it by updating kcmtxmsghead-lastskb if partia...
CVE-2023-53825
CVE-2023-53825 affects the Linux kernel’s kcm_sendmsg() for SOCK_DGRAM. A memory-leak in the error path could corrupt the MSG_MORE queue when a partial copy occurs; the fix updates kcm_tx_msg(head)->last_skb and adds purge behavior on failure (like UDP via udp_flush_pending_frames) to avoid qu...
DEBIAN-CVE-2023-53809
In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tptunnelregister When a file descriptor of pppol2tp socket is passed as file descriptor of UDP socket, a recursive deadlock occurs in l2tptunnelregister. This situation is reproduced b...
DEBIAN-CVE-2023-53782
In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of th...
CVE-2023-53809 l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tptunnelregister When a file descriptor of pppol2tp socket is passed as file descriptor of UDP socket, a recursive deadlock occurs in l2tptunnelregister. This situation is reproduced b...
CVE-2023-53782
In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of th...
CVE-2023-53782 dccp: Fix out of bounds access in DCCP error handler
In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of th...
PT-2025-49730
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data race condition exists around dp-dccps mss cache in the Data Communication Channel Protocol DCCP implementation. The dccp sendmsg function and do dccp getsockopt read dp-dccps mss...
PT-2025-49716
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue was identified in the Linux kernel related to error handling within the kcm sendmsg function when dealing with SOCK DGRAM sockets. A memory leak was initially addressed, but a...
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol UDP for command-and-control C2 purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from...
Linux Distros Unpatched Vulnerability : CVE-2025-32900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device,...
SUSE CVE-2025-32899
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP...
DEBIAN-CVE-2025-32900
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...
UBUNTU-CVE-2025-32900
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...
CVE-2025-32901
In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash...