CVE-2023-53785

The CVE-2023-53785 entry concerns the Linux kernel mt76/mt7921 SDIO path. The vulnerability arises when mt7921_usb_sdio_tx_prepare_skb() and mt7921_skb_add_usb_sdio_hdr() blindly assume sufficient headroom in an skb, which can trigger kernel panics if the skb originates from a receive path (e.g.,...

CVE-2022-50655

Summary. CVE-2022-50655 concerns the Linux kernel PPP transmit path where flow dissector could fail to locate the skb’s net namespace, risking misassociation of skb with the device. Multiple trusted sources (OSV, Debian OSV, UBUNTU OSV, NVD, EUVD) confirm the vulnerability was resolved in the Lin...

CVE-2022-50655 ppp: associate skb with a device at tx

In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e, &0x7f00000000c0...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ath9khtcrxmsg not freeing the skb when there is no callback function, which could lead to a memory leak...

PT-2025-49635

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to PPP Point-to-Point Protocol transmission. Specifically, the issue arises when associating an skb socket buffer with a device during...

Linux Distros Unpatched Vulnerability : CVE-2023-53836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf, sockmap: Fix skb refcnt race after locking changes There is a race where skb's from the skpsockbacklog can be referenced after userspace side has already...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from skb reference count contention in sockmap...

EUVD-2025-201644

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: validate skb length for unknown CC opcode In hcicmdcompleteevt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb-data contains the return status. However,...

DEBIAN-CVE-2023-53752

In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmallocreserve Blamed commit changed: ptr = kmallocsize; if ptr size = ksizeptr; size = kmallocsizeroundupsize; ptr = kmallocsize; This allowed various crash as reported by syzbot 1 and Kyle...

CVE-2023-53752

In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmallocreserve Blamed commit changed: ptr = kmallocsize; if ptr size = ksizeptr; size = kmallocsizeroundupsize; ptr = kmallocsize; This allowed various crash as reported by syzbot 1 and Kyle...

DEBIAN-CVE-2025-40301

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: validate skb length for unknown CC opcode In hcicmdcompleteevt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb-data contains the return status. However,...

UBUNTU-CVE-2025-40290

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...

CVE-2025-40301

CVE-2025-40301 affects the Linux kernel Bluetooth subsystem, specifically the HCI event handling path. The issue arises in hci_cmd_complete_evt() when an event has an unknown opcode: the code previously assumed skb->data[0] holds the return status, but parameter data may have already been pull...

PT-2025-49433

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth implementation within the hci cmd complete evt function. Specifically, the code does not validate the length of the socket buffer skb before...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper use of the skb control block, which could lead to null pointer dereferencing...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified skb length that could lead to the use of uninitialized memory...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ath11k not handling SKB correctly when booting in monitor mode, which could lead to a null pointer dereferen...

PT-2025-49421

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.12+deb14-cloud-amd64 1 Description The Linux kernel contained a flaw in the xsk XDP socket subsystem related to descriptor number handling on completion queues. A commit 30f241fcf52a initially introduced an...

CVE-2025-40282 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has headerops, so it must set link-local header for RX skb, otherwise things crash, eg. with AFPACKET SOCKRAW Add missing skbresetmacheader...

SUSE CVE-2025-40253

In the Linux kernel, the following vulnerability has been resolved: s390/ctcm: Fix double-kfree The function 'mpcrcvdsweepreqmpcginfo' is called conditionally from function 'ctcmpcunpackskb'. It frees passed mpcginfo. After that a call to function 'kfree' in function 'ctcmpcunpackskb' frees it...