31 matches found
CVE-2026-45536
CVE-2026-45536 affects Netty, specifically Unix-domain socket fd reception in netty_unix_socket_recvFd. Prior to versions 4.1.135.Final and 4.2.15.Final, a peer-sent SCM_RIGHTS message containing two fds can cause both descriptors to leak due to a mismatch between cmsg_len checks and the actual f...
PT-2026-47581
netty unix socket recvFd sets msg control to char controlCMSG SPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCM RIGHTS cmsg carrying two ints has cmsg len = CMSG LEN8 = 24, which fits exactly with no MSG CTRUNC, so the kernel installs both fds in the receiving process. The...
PT-2026-47608
Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description A file descriptor leak occurs in the netty unix socket recvFd function when a peer sends two file descriptors simultaneously via an SCM RIGHTS control message. The system allocates a control...
Linux Distros Unpatched Vulnerability : CVE-2026-45966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file...
SUSE CVE-2026-45966
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
CVE-2026-45966
A flaw was found in the AppArmor security module within the Linux kernel. This vulnerability occurs when the system processes file descriptors, which are references to open files or other I/O resources, using a specific inter-process communication mechanism called SCMRIGHTS. A missing check for...
EUVD-2026-32250
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
CVE-2026-45966
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
CVE-2026-45966 apparmor: fix NULL pointer dereference in __unix_needs_revalidation
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
CVE-2026-45966
Summary: CVE-2026-45966 pertains to a regression in AppArmor on Linux kernels (6.17+) where a NULL pointer dereference could occur in __unix_needs_revalidation() when handling SCM_RIGHTS file descriptors, if both sock and sock->sk are NULL during socket setup/teardown. The crash path involves ...
PT-2026-43833
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unix needs revalidation When receiving file descriptors via SCM RIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL point...
UBUNTU-CVE-2026-45966
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013855)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013855 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: drop any code related to SCMRIGHTS This is dead code after we dropped support for passin...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011282)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011282 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: drop any code related to SCMRIGHTS This is dead code after we dropped support for passin...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007272)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007272 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: drop any code related to SCMRIGHTS This is dead code after we dropped support for passin...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr...
K000148931: Linux kernel vulnerability CVE-2024-26923
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that...
kernel: io_uring: drop any code related to SCM_RIGHTS
A flaw was found in the Linux kernel that addresses the removal of dead code related to SCMRIGHTS support within the iouring. This code was deemed unnecessary after the kernel dropped the ability to pass iouring file descriptors over SCMRIGHTS. The vulnerability was assigned CVE status due to...
kernel: af_unix: Fix garbage collector racing against connect()
A flaw was found in the Linux kernel, where the management of inter-process communication uses AFUNIX sockets. The issue arises from a race condition where a partially initialized socket with specific permissions carrying SCMRIGHTS is improperly handled during garbage collection. This situation...
kernel: af_unix: Fix garbage collector racing against connect()
A flaw was found in the Linux kernel, where the management of inter-process communication uses AFUNIX sockets. The issue arises from a race condition where a partially initialized socket with specific permissions carrying SCMRIGHTS is improperly handled during garbage collection. This situation...