Lucene search
K

57 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/05/11 12:0 a.m.147 views

VulnCheck KEV: CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

8.8CVSS5.8AI score0.93235EPSS
In wildExploits31References2
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-017397)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017397 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe...

8.8CVSS6AI score0.93235EPSS
Exploits31References4
Microsoft CVE
Microsoft CVE
added 2026/05/09 8:1 a.m.29 views

xfrm: esp: avoid in-place decrypt on shared skb frags

...

8.8CVSS6AI score0.93235EPSS
Exploits31
OSV
OSV
added 2026/05/08 7:50 p.m.6 views

CLSA-2026-1778261157 Update of kernel

xfrm: esp: avoid in-place decrypt on shared skb frags...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/08 7:23 p.m.10 views

CLSA-2026-1778260978 Update of kernel

xfrm: esp: avoid in-place decrypt on shared skb frags...

5.8AI score
Exploits0References1
Wiz blog
Wiz blog
added 2026/05/08 8:57 a.m.12 views

Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC

Unpatched kernel flaw chain CVE-2026-43284, CVE-2026-43500 enables root escalation on major Linux distributions...

8.8CVSS5.8AI score0.93235EPSS
Exploits33
OSV
OSV
added 2026/05/08 8:16 a.m.15 views

UBUNTU-CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

8.8CVSS6AI score0.93235EPSS
Exploits31References29
Microsoft CVE
Microsoft CVE
added 2026/04/23 8:6 a.m.6 views

esp: fix skb leak with espintcp and async crypto

...

7.1CVSS5.2AI score0.00123EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 6:24 p.m.5 views

CVE-2026-31472

A flaw was found in the Linux kernel, specifically within the xfrm and iptfs components. A remote attacker could exploit this vulnerability by sending a specially crafted Encapsulating Security Payload ESP packet. This packet, containing an inner IPv4 header with a total length totlen of zero or...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 3:31 p.m.5 views

EUVD-2026-24902

In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, espoutputtailtcp will return an error and not free the skb, because with synchronous crypto, the common xfrm output code will drop the packe...

5.7AI score0.00123EPSS
Exploits0References9
NVD
NVD
added 2026/02/04 5:16 p.m.8 views

CVE-2026-23060

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, cryptoauthencesndecrypt can advance past the end of...

5.5CVSS0.00123EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/04 4:7 p.m.30 views

CVE-2026-23060 crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, cryptoauthencesndecrypt can advance past the end of...

0.00123EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0040

Malware in sbrugna...

6.4CVSS6.4AI score0.04081EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2025/01/02 9:44 p.m.3 views

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

6.5CVSS5.8AI score0.00691EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/01/02 9:44 p.m.7 views

libreswan: IKEv1 default AH/ESP responder can crash and restart

A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...

6.5CVSS6.3AI score0.008EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/01/02 6:44 p.m.4 views

libreswan: IKEv1 default AH/ESP responder can crash and restart

A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...

6.5CVSS6.3AI score0.008EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/06/28 12:0 a.m.4 views

The vulnerability of the VPN protocol library using “IPsec” in libreswan, related to uncontrolled, reachable assertions, allows attackers to cause service failures.

The vulnerability of the VPN protocol using “IPsec” with libreswan is related to a claim that packets processed via IKEv1 can be processed without specifying the esp field. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

6.8CVSS6.6AI score0.008EPSS
Exploits0References6Affected Software4
SUSE CVE
SUSE CVE
added 2024/05/03 2:9 a.m.2 views

SUSE CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from pagepool When the skb is reorganized during espoutput !esp-inline, the pages coming from the original skb fragments are supposed to be released back to the system through putpage. But if t...

5.5CVSS6.3AI score0.00227EPSS
Exploits0References16
Microsoft CVE
Microsoft CVE
added 2024/04/22 7:0 a.m.4 views

IKEv1 default AH/ESP responder can cause libreswan to abort and restart

...

6.5CVSS6.7AI score0.008EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/14 3:51 p.m.6 views

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

6.5CVSS5.8AI score0.00691EPSS
Exploits0References6
Rows per page
Query Builder