FreeBSD-SA-26:26.ktls

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:26.ktls Security Advisory The FreeBSD Project Topic: Arbitrary file overwrite via the KTLS receive path Category: core Module: ktls Announced: 2026-06-09...

FreeBSD Security Advisory - FreeBSD-SA-26:26.ktls

FreeBSD Security Advisory - The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through...

FreeBSD -- Arbitrary file overwrite via the KTLS receive path

Problem Description: The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Handle the situation where data disappears from the TLS ULP. TLS assumes that it owns the receive queue of the TCP socket. This assumption cannot be guaranteed if the reader of the TCP socket entered before the TLS ULP was...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS; fixed a crash that occurred during the RX resync process. For the TLS RX resync process, we maintain a list of TLS contexts that require some attention. We communicate their resync information to the hardware...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sunrpc: Fixing the handling of server-side TLS alerts Scott Mayhew discovered a security exploit in NFS over TLS, specifically in the tlsalertrecv function. This exploit stemmed from a misunderstanding by the system that it could...

CVE-2026-23414

CVE-2026-23414 is addressed in the Linux kernel TLS code. The vulnerability involved the async_hold queue that pins encrypted input skbs while AEAD operations reference scatterlist data. The fix centralizes purge of async_hold in tls_decrypt_async_wait(), ensuring all callers (recvmsg drain path,...

SUSE-SU-2026:0274-1 Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline...

Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.38 fixes various security issues The following security issues were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline...

SUSE-SU-2026:0186-1 Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.116 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50409: net: If sock is dead don't access sock's skwq i...

Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.164 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Che...

CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls

...

Linux Distros Unpatched Vulnerability : CVE-2025-38608

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf, ktls: Fix data corruption when using bpfmsgpopdata in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. Howeve...

AZL-66461 CVE-2025-38608 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpfmsgpopdata in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, w...

kernel: tls: always refresh the queue when reading sock

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

DEBIAN-CVE-2025-38471

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

UBUNTU-CVE-2025-38166

In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap 2172.936997 ------------ cut here ------------ 2172.936999 kernel BUG at lib/ioviter.c:629! ...... 2172.944996 PKRU: 55555554 2172.945155 Call Trace: 2172.945299 2172.945428 ? die+0x36/0x90...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly handling KTLS, which could cause the kernel to crash...

PT-2025-33806

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to the bpf and ktls subsystems. A data corruption issue occurs when using bpf msg pop data in ktls. Specifically, the ciphertext length is not...