28 matches found
CVE-2026-53131
CVE-2026-53131 : In the Linux kernel, the netfilter code paths for several ipset types (ip6t_eui64, xt_mac, bitmap:ip,mac, hash:ip,mac, hash:mac) and nf_log_syslog could access eth_hdr(skb) without guaranteeing an Ethernet MAC header. The issue arises when code assumes skb is tied to an Ethernet ...
CVE-2026-12847
GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities (CVE-2026-12847) affect GV-I/O Box 4E (version 2.09). The issues involve attacker-controlled fields (gateway, IP, net mask, DNS) in UDP-based DVRSearch handling on port 10001, leading to stack-based buffer overflows and potential ...
CVE-2026-12846
CVE-2026-12846 affects GV-I/O Box 4E (DVRSearch CMD_IP_SET buffer overflow). Connected sources confirm multiple attacker-controlled overflows in CMD_IP_SET (e.g., Net Mask field, IP field, Gateway, DNS) via UDP on port 10001, enabling arbitrary code execution on vulnerable versions (notably GV-I/...
CVE-2026-12485 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991118)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991118 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet.c The missing...
Security update for the Linux Kernel (Live Patch 51 for SUSE Linux Enterprise 15 SP3)
This update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.185 fixes various security issues The following security issues were fixed: CVE-2022-50388: nvme: fix multipath crash caused by flush request when blktrace is enabled bsc1250295. CVE-2022-50432: kernfs: fix use-after-free in...
CVE-2023-53179 netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet.c The missing IPSETHASHWITHNET0 macro in ipsethashnetportnet can lead to the use of wrong CIDRPOSc for calculating array offsets, which can lead to...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the lack of the IPSETHASHWITHNET0 macro in ipsethashnetportnet, which could lead to integer underflows and...
AlmaLinux 8 : kernel (ALSA-2025:7531)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7531 advisory. kernel: hwmon: coretemp fix pci device refcount leak in nv1aramnew CVE-2022-49011 kernel: netfilter: ipset: add missing range check in bitmapipuadt...
kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmapipuadt When tbIPSETATTRIPTO is not present but tbIPSETATTRCIDR exists, the values of ip and ipto are slightly swapped. Therefore, the range check for ip should be done later, but...
kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmapipuadt When tbIPSETATTRIPTO is not present but tbIPSETATTRCIDR exists, the values of ip and ipto are slightly swapped. Therefore, the range check for ip should be done later, but...
The vulnerability of the bitmap_ip_uadt() function in the Google ChromeOS operating system allows a hacker to bypass security restrictions and execute arbitrary code.
The vulnerability of the bitmapipuadt function in the Google ChromeOS operating system is related to deficiencies in access control due to incorrect checking of IP address boundaries when processing the IPSETATTRCIDR parameter. Exploiting this vulnerability allows a remote attacker to bypass...
ipset bug fix update
An update is available for ipset. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The ipset packages provide the ipset utility and the ipset service to manage IP...
UBUNTU-CVE-2024-53141
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmapipuadt When tbIPSETATTRIPTO is not present but tbIPSETATTRCIDR exists, the values of ip and ipto are slightly swapped. Therefore, the range check for ip should be done later, but...
CVE-2024-40993 netfilter: ipset: Fix suspicious rcu_dereference_protected()
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcudereferenceprotected When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in...
kernel: netfilter: race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSETCMDADD and IPSETCMDSWAP can lead to a kernel panic due to the invocation of ipsetput on a wrong set. This issue may allow a local user to crash the system...
USN-6479-1 linux-oem-6.5 vulnerabilities
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service system crash. CVE-2023-42756 Alex Birnberg discovered that the netfilter subsystem in the Linux...
USN-6454-4: Linux kernel (StarFive) vulnerabilities
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service system crash. CVE-2023-42756 Alex Birnberg discovered that the netfilter subsystem in the Linux...
USN-6454-4 linux-starfive vulnerabilities
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service system crash. CVE-2023-42756 Alex Birnberg discovered that the netfilter subsystem in the Linux...
USN-6454-3: Linux kernel (ARM laptop) vulnerabilities
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service system crash. CVE-2023-42756 Alex Birnberg discovered that the netfilter subsystem in the Linux...