57 matches found
VulnCheck KEV: CVE-2026-43284
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-017397)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017397 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe...
xfrm: esp: avoid in-place decrypt on shared skb frags
...
CLSA-2026-1778261157 Update of kernel
xfrm: esp: avoid in-place decrypt on shared skb frags...
CLSA-2026-1778260978 Update of kernel
xfrm: esp: avoid in-place decrypt on shared skb frags...
Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC
Unpatched kernel flaw chain CVE-2026-43284, CVE-2026-43500 enables root escalation on major Linux distributions...
UBUNTU-CVE-2026-43284
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...
esp: fix skb leak with espintcp and async crypto
...
CVE-2026-31472
A flaw was found in the Linux kernel, specifically within the xfrm and iptfs components. A remote attacker could exploit this vulnerability by sending a specially crafted Encapsulating Security Payload ESP packet. This packet, containing an inner IPv4 header with a total length totlen of zero or...
EUVD-2026-24902
In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, espoutputtailtcp will return an error and not free the skb, because with synchronous crypto, the common xfrm output code will drop the packe...
CVE-2026-23060
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, cryptoauthencesndecrypt can advance past the end of...
CVE-2026-23060 crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, cryptoauthencesndecrypt can advance past the end of...
EUVD-2005-0040
Malware in sbrugna...
libreswan: Invalid IKEv2 REKEY proposal causes restart
An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
The vulnerability of the VPN protocol library using “IPsec” in libreswan, related to uncontrolled, reachable assertions, allows attackers to cause service failures.
The vulnerability of the VPN protocol using “IPsec” with libreswan is related to a claim that packets processed via IKEv1 can be processed without specifying the esp field. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
SUSE CVE-2024-26953
In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from pagepool When the skb is reorganized during espoutput !esp-inline, the pages coming from the original skb fragments are supposed to be released back to the system through putpage. But if t...
IKEv1 default AH/ESP responder can cause libreswan to abort and restart
...
libreswan: Invalid IKEv2 REKEY proposal causes restart
An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...