24002 matches found
CVE-2026-5265
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...
PT-2026-34990
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpc input packet on conn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpc try get cal...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function rxrpcinputpacketonconn. When this function is called on a current client via the channel, ...
arduino-esp32 安全漏洞
Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from a remote exploitable memory corruption...
PT-2026-34992
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpc post response, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
PT-2026-34959
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap out-of-bounds write exists in the USB/IP client. The function usbip pack ret submit unconditionally overwrites the number of packets variable from the network PDU. A malicious...
kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()
A flaw was found in the Linux kernel. A local attacker with CAPNETADMIN capabilities, or remote packet traffic, could exploit a use-after-free vulnerability in the nftablesaddchain function's error handling. Successful exploitation could lead to a kernel crash, resulting in a Denial of Service Do...
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
...
net: fix fanout UAF in packet_release() via NETDEV_UP race
...
SUSE CVE-2026-31504
In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...
SUSE CVE-2026-31525
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in interpreter sdiv/smod for INTMIN The BPF interpreter's signed 32-bit division and modulo handlers use the kernel abs macro on s32 operands. The abs macro documentation include/linux/math.h explicitl...
SUSE CVE-2026-33598
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress or getAddressListByDomain on a packet cache...
UBUNTU-CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
CVE-2026-35058
server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key...
CVE-2026-31526
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. When an exception occurs during the execution of a BPF subprogram, the system may fail to release user-acquired locks. This oversight can lead to resource leaks and system instability, potentially resulting in a Denial o...
CVE-2026-31517
A flaw was found in the Linux kernel's IP-TFS IP-Transparent Fragmentation Service subsystem. A remote attacker could send specially crafted network packets that, during the reassembly process, cause the kernel to attempt an invalid operation on a network buffer. This improper handling of network...
CVE-2026-31504
A flaw was found in the Linux kernel. A race condition in the packetrelease function, specifically during a network device up NETDEVUP event, can lead to a Use-After-Free UAF vulnerability. This occurs when a socket is re-registered into a fanout group's array, leaving a dangling pointer. A local...
EUVD-2026-24939
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress or getAddressListByDomain on a packet cache...
EUVD-2026-24881
In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...
CVE-2026-33598
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress or getAddressListByDomain on a packet cache...