2811 matches found
CVE-2026-53197
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: xfrm: The x-tunnel is deleted as soon as the x is deleted. The ipcomp fallback tunnels are currently deleted from various lists and hashtables because the last user state that relied on those fallbacks is destroyed not deleted. I...
CVE-2026-52932
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
CVE-2026-52935
In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...
CVE-2026-52935
In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...
CVE-2026-52935
In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...
CVE-2026-52932
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
CVE-2026-52932
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: fixed a slab-use-after-free issue in decodeSession6 When the xfrm device is set to the qdisc of the sfb type, the cb field of the sentskb may be modified during enqueuing. This can lead to a slab-use-after-free when the xfr...
Astra Linux – Vulnerability in Linux 5.10
A flaw was discovered in the Linux kernel. A null pointer dereference in the bondipsecaddsa function may lead to a local denial of service...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A vulnerability has been discovered in the Linux kernel and is classified as critical. The affected part of the code is the function areacacheget in the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c, belonging to the IPsec component. This vulnerability occurs due to improper memory...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability, classified as critical, has been discovered in the Linux kernel. The issue affects the tsttimer function in the drivers/atm/idt77252.c file of the IPsec component. This vulnerability allows for manipulation leading to memory corruption after the function is freed. It is recommend...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: esp: Fixed improper handling of pages from pagepool. When the skb is reorganized during espoutput !esp-inline, the pages originating from the original skb fragments are supposed to be released back to the system through...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed the issue with the inversion dependency warning when enabling IPsec tunnels. Attempts to enable IPsec packet offloading in tunnel mode in the debug kernel generate the following kernel panic, due to two issues...
USN-8390-2: Linux kernel vulnerability
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
CVE-2026-2379
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulti...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which occurs when, under certain conditions, physical interface fluctuations and proxy restarts may cause the IPsec...
USN-8388-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
CVE-2026-10629 CVE-2026-10629
SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...
Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments
Overview VoLTE deployments on Verizon’s IMS network have operated without negotiated SIP integrity protection. In observed test conditions, SIP signaling—including registration, call setup, and messaging—traveled without IPsec ESP encapsulation and without SIP Security Agreement headers, exposing...