9 matches found
EUVD-2023-60284
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix null-ptr-deref in unixstreamsendpage. Bing-Jhong Billy Jheng reported null-ptr-deref in unixstreamsendpage with detailed analysis and a nice repro. unixstreamsendpage tries to add data to the last skb in the peer's re...
CVE-2023-54082
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-54161
CVE-2023-54161 concerns the Linux kernel: a null-pointer dereference in unix_stream_sendpage() caused by racing access to a peer socket’s receive queue when data is queued de-pendently by the last skb. The root cause is the peer’s recv queue being accessed locklessly during garbage collection, en...
CVE-2023-54082
CVE-2023-54082 has been rejected in the official CVE list, but related connected records describe a Linux kernel vulnerability: af_unix, where unix_stream_sendpage() could race with garbage collection, potentially dereferencing an unlocked skb and causing a use-after-free. The root cause is failu...
Linux Distros Unpatched Vulnerability : CVE-2023-54082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - afunix: Fix null-ptr-deref in unixstreamsendpage. Bing-Jhong Billy Jheng reported null-ptr-deref in unixstreamsendpage with detailed analysis and a nice repro...
CVE-2025-40150
The CVE-2025-40150 entries describe a Linux kernel F2FS issue where a race between fallocate on a pinning file and block allocation can migrate a just-allocated segment, causing mismatch between in-memory SIT and on-disk SSA (example segno 173822). The root cause is a race in garbage collection t...
Linux Distros Unpatched Vulnerability : CVE-2024-36972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a...
SUSE CVE-2025-21959
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...
PT-2025-40176
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5 Description The Linux kernel contains a flaw in the unix stream sendpage function related to a null pointer dereference. This issue occurs when handling sockets in a specific loop scenario involving garbage...