378 matches found
UBUNTU-CVE-2026-42764
NULL pointer dereference in QUIC server initial packet handling...
CVE-2026-45998
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skbunshare failure If skbunshare fails to unshare a packet due to allocation failure in rxrpcinputpacket, the skb pointer in the parent rxrpciothread will be NULL'd out. This will likely cause the...
CVE-2026-46000
The CVE-2026-46000 issue concerns the Linux kernel’s rxrpc conn-level packet handling. A security operation decrypts bits of a RESPONSE packet in place, but the sk_buff might be shared with a packet sniffer, causing the sniffer to observe a seemingly corrupt (actually decrypted) packet. The fix c...
CVE-2026-46000
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix conn-level packet handling to unshare RESPONSE packets The security operations that verify the RESPONSE packets decrypt bits of it in place - however, the skbuff may be shared with a packet sniffer, which would lead to...
CVE-2026-46000
rxrpc: Fix conn-level packet handling to unshare RESPONSE packets...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mctp i3c: handling of NULL header addresses daddr can be NULL if there is no neighbour table entry present; in that case, the TX packet should be discarded. saddr is usually set by the MCTP core, but NULL values should also be...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Firewire: In the net subsystem, a bug related to use-after-free was fixed in the fwnetfinishincomingpacket function. The netifrx function frees the skb, but we cannot dereference it to save the skb-len...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only drop the call reference if one has been acquired. The function rxrpcinputpacketonconn can process a packet for the client after the current client call on the channel has already been terminated. In this case, chan-ca...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ovpn: TCP – fix for extracting packets from the stream When processing TCP stream data in ovpntcprecv, we receive large cloned skbs from strprcv, which may contain multiple coalesced packets. The current implementation has two...
openSUSE 15 Security Update : kernel (SUSE-SU-2026:1840-2)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1840-2 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix the following issue: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb fra...
USN-8268-1 dnsmasq vulnerabilities
Andrew S. Fasano, Royce M, and Hugo Martinez Ray discovered that Dnsmasq did not allocate the necessary space to store domain names in some contexts. An attacker could possibly use this issue to write out-of-bounds, and could cause a denial of service or execute arbitrary code. CVE-2026-2291 Royc...
Unbreakable Enterprise kernel security update
6.12.0-202.76.4.1 - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present Hyunwoo Kim Orabug: 39344513 CVE-2026-43500 - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets David Howells Orabug: 39344513 - rxrpc: only handle RESPONSE during service challenge Wang Jie...
Moderate: Red Hat Security Advisory: corosync security update
An update for corosync is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed a crash that occurred during module load/unload tests. During purex packet handling, the driver incorrectly freed a pre-allocated structure. This issue was fixed by skipping that entry. The system crashed...
ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...
DEBIAN-CVE-2026-31638
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...
EUVD-2026-25533
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function rxrpcinputpacketonconn. When this function is called on a current client via the channel, ...
GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer
A flaw was found in GStreamer. This vulnerability allows a remote attacker to execute arbitrary code by exploiting an out-of-bounds write in the RealMedia Demuxer component. The issue occurs due to improper validation of user-supplied data during the processing of video packets, leading to a writ...
CVE-2026-5590
A race condition during TCP connection teardown can cause tcprecv to operate on a connection that has already been released. If tcpconnsearch returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcpbacklogisfull and dereferenced without validatio...