47 matches found
CVE-2026-10636
CVE-2026-10636 affects Zephyr’s IPv4 IGMP send path (igmp_send) where net_pkt_iface(pkt) dereferences a freed net_pkt after handoff to net_send_data. The underlying cause is use-after-free: on the successful-send path the packet’s last reference may be released by the L2 driver or TX handling, ye...
CVE-2025-50681
Summary: CVE-2025-50681 affects igmpproxy 0.4 before commit 2b30c36, allowing remote attackers to cause a denial of service (application crash) by sending crafted IGMPv3 membership reports with a malicious source address. The root cause is insufficient validation in recv_igmp() in src/igmpproxy.c...
EUVD-2018-0988
Malware in sbrugna...
EUVD-2018-1115
Malware in sbrugna...
EUVD-2002-2164
Malware in sbrugna...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: mcast: Extended RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. We have extended RCU protection so that we can safely retrieve the net pointer and avoid a potential UAF...
CVE-2002-2264
Unspecified vulnerability in Internet Group Management Protocol IGMP of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the presence of data contention in sysctligmpqrv...
PT-2025-8871
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential issue in the Linux kernel has been identified, related to the igmp6 send function. This function can be called without the necessary synchronization, potentially leading to a...
PT-2024-9992 · Schneider Electric · Powerlogic
Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic versions PM5320, PM5340, and PM5341 Description: An Uncontrolled Resource Consumption issue exists, potentially causing devices to become unresponsive and resulting in communication loss when a large amount of IG...
kernel: use-after-free in IPv4 IGMP
A race condition has been discovered in the Linux kernel's Internet Group Management Protocol IGMP implementation. This vulnerability may enable an attacker to provoke an application crash or potentially escalate privileges locally. By exploiting the race condition, an adversary could disrupt the...
kernel: use-after-free in IPv4 IGMP
A race condition has been discovered in the Linux kernel's Internet Group Management Protocol IGMP implementation. This vulnerability may enable an attacker to provoke an application crash or potentially escalate privileges locally. By exploiting the race condition, an adversary could disrupt the...
kernel: use-after-free in IPv4 IGMP
A race condition has been discovered in the Linux kernel's Internet Group Management Protocol IGMP implementation. This vulnerability may enable an attacker to provoke an application crash or potentially escalate privileges locally. By exploiting the race condition, an adversary could disrupt the...
CLSA-2024-1705494763 kernel: Fix of 13 CVEs
Bluetooth: L2CAP: Fix use-after-free in l2capsockreadycb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: schhfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: clsfw:...
Use-after-free in Linux kernel's ipv4: igmp component
...
The vulnerability of the igmp_start_timer() function in the net/ipv4/igmp.c module of the Linux operating system’s IGMP protocol implementation allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, thereby increasing their privileges within the system.
The vulnerability of the igmpstarttimer function in the net/ipv4/igmp.c module, which is part of the IGMP protocol implementation in Linux kernel, relates to the reutilization of previously freed memory due to competitive access to resources i.e., during a “race condition”. Exploiting this...
DEBIAN-CVE-2023-6932
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past...
PT-2023-7938 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be...
PT-2023-8340 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to a use-after-free problem in the implementation of the IGMPv2 protocol in the Linux kernel, specifically in the igmp start timer function in net/ipv4/igmp.c. Thi...
kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets
A use-after-free flaw was found in the Linux kernel’s IGMP protocol in how a user triggers a race condition in the ipcheckmcrcu function. This flaw allows a local user to crash or potentially escalate their privileges on the system...