kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

CVE-2023-51779

A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...

SUSE CVE-2023-6531

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the socket that the SKB is queued on...

USN-6536-1: Linux kernel vulnerabilities

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2023-39189 Kyle Zeng...

kernel: wifi: ath11k: fix monitor mode bringup crash

A null pointer dereference vulnerability was found in the ath11k wireless driver in the Linux kernel. When an interface is brought up in monitor mode, the driver attempts to extract packet type from RAW monitor ring packets, which lack the expected structure. This causes a kernel crash due to...

kernel: Linux kernel: Local denial of service in skbuff due to improper network buffer handling

A flaw was found in the Linux kernel. A local user with low privileges could trigger a kernel bug by manipulating network packet buffer skbuff operations. Specifically, when a program uses a helper function to read data beyond the allocated buffer in certain Generic Segmentation Offload GSO...

kernel: Linux kernel: Memory leak in wilc1000 Wi-Fi driver causes Denial of Service

A flaw was found in the Linux kernel's wilc1000 Wi-Fi driver. A local attacker with low privileges could exploit a memory leak in the wilcmacxmit function, which fails to free a socket buffer skb under certain conditions. This resource exhaustion vulnerability can lead to a Denial of Service DoS ...

kernel: wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()

A flaw was found in the ath9k USB Wi-Fi driver in the Linux kernel. In certain conditions within the ath9khifusbregincb path, a socket buffer skb may be freed prematurely and then freed again on an error path, leading to a use-after-free condition. Additionally, failure to allocate a new skb can...

kernel: tcp: fix skb_copy_ubufs() vs BIG TCP

In the Linux kernel, the following vulnerability has been resolved: tcp: fix skbcopyubufs vs BIG TCP David Ahern reported crashes in skbcopyubufs caused by TCP tx zerocopy using hugepages, and skb length bigger than 68 KB. skbcopyubufs assumed it could copy all payload using up to MAXSKBFRAGS...

kernel: mlx5: fix possible ptp queue fifo use-after-free

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARNONONCE...

kernel: Linux kernel: Network subsystem memory leak

A flaw was found in the Linux kernel. This vulnerability allows an attacker to cause a denial of service via a memory leak caused by improper handling of skb socket buffer cloning in the network subsystem...

kernel: xfrm: policy: fix metadata dst->dev xmit null pointer dereference

A flaw was found in the XFRM policy support in the Linux kernel. A NULL pointer dereference can be triggered when a socket buffer is transmitted via an XFRM interface due to a missing check, resulting in a denial of service...

PT-2025-18871 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.4-cloudflare-kasan-2023.1.2 Description: A use-after-free issue has been identified in the Linux kernel, specifically in the veth module. This issue arises when the pskb expand head function is used to expan...

USN-6441-2 linux-gcp-5.4 vulnerabilities

Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service host system crash or...

USN-6440-1 linux, linux-aws, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information kernel memory or in conjunction with another kernel vulnerability. CVE-2023-0597 It was discovere...

kernel: denial of service problem in net/unix/diag.c

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unixdiaggetexact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service...

DEBIAN-CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

AZL-31271 CVE-2023-42754 affecting package kernel for versions less than 5.15.135.1-2

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...