2826 matches found
UBUNTU-CVE-2025-68785
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in pushnsh action The pushnsh action structure looks like this: OVSACTIONATTRPUSHNSHOVSKEYATTRNSHOVSNSHKEYATTRBASE,... The outermost OVSACTIONATTRPUSHNSH attribute is OK'ed by the...
CVE-2025-71096
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...
CVE-2025-71096 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...
CVE-2025-71096 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...
CVE-2025-71096 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...
CVE-2025-71096
Summary (CVE-2025-71096) : The Linux kernel RDMA core netlink path handling RDMA_NL_LS_OP_IP_RESOLVE could return a DGID-less response, risking an uninitialized read on the stack. The fix ensures the LS_NLA_TYPE_DGID attribute is present, uses nla_parse_deprecated() to populate nlattrs, and then ...
CVE-2025-71066 net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange [email protected] says: The vulnerability is a race condition between etsqdiscdequeue and etsqdiscchange. It leads to UAF on stru...
CVE-2025-68785 net: openvswitch: fix middle attribute validation in push_nsh() action
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in pushnsh action The pushnsh action structure looks like this: OVSACTIONATTRPUSHNSHOVSKEYATTRNSHOVSNSHKEYATTRBASE,... The outermost OVSACTIONATTRPUSHNSH attribute is OK'ed by the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: sched: actconnmark: Initialize struct tcife to prevent kernel leaks. In tcfconnmarkdump, the variable ‘opt’ was partially initialized using a specified initializer. As a result, the padding bytes remained uninitialized. The...
Linux Distros Unpatched Vulnerability : CVE-2025-71096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is...
PT-2026-2587
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a race condition within the ets qdisc change function related to the handling of Quality of Service QoS classes. This condition can lead to a Use-After-Free UAF...
GHSA-585Q-CM62-757J mnl has segmentation fault and invalid memory read in `mnl::cb_run`
The function mnl::cbrun is marked as safe but exhibits unsound behavior when processing malformed Netlink message buffers. Passing a crafted byte slice to mnl::cbrun can trigger memory violations. The function does not sufficiently validate the input buffer structure before processing, leading to...
mnl has segmentation fault and invalid memory read in `mnl::cb_run`
The function mnl::cbrun is marked as safe but exhibits unsound behavior when processing malformed Netlink message buffers. Passing a crafted byte slice to mnl::cbrun can trigger memory violations. The function does not sufficiently validate the input buffer structure before processing, leading to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000299)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000299 advisory. A NULL pointer dereference vulnerability in the function nfcgenldeactivatetarget in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicio...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000495)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000495 advisory. A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlin...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000301)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000301 advisory. An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idralloc fails in genlregisterfamily in net/netlink/genetlink.c. Tenable...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000337)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000337 advisory. In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of...
CVE-2025-53966
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message...
CVE-2025-49495
CVE-2025-49495 affects the Samsung Mobile Processor Exynos family (1380, 1480, 2400, 1580). Description: mishandling of an NL80211 vendor command leads to a buffer overflow in the WiFi driver. Connected sources confirm this vulnerability and note patches: Samsung’s January 2026 SMR includes a fix...
EUVD-2026-0814
An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an NL80211 vendor command leads to a buffer overflow...