EUVD-2023-60030

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...

DEBIAN-CVE-2023-53716

In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in skbtstamptx Commit 50749f2dd685 "tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp." added a call to skborphanfragsrx to fix leaks with zerocopy skbs. But it ended up adding a leak of its own...

CVE-2023-53716

CVE-2023-53716 is a Linux kernel vulnerability described as a leak in skb handling: after a TX timestamp code path, if skb_orphan_frags_rx() fails, the skb cloned for zerocopy skb leaks. The issue is tied to the net: skb_tstamp_tx() flow and was addressed by a kernel fix in the commit that added ...

bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

...

kernel: net: usb: smsc75xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to free a cloned skb when skborphanfragsrx fails, which could lead to a memory leak...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987534)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987534 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154xmitcomplete helper is no...

kernel: net: usb: smsc75xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...

CVE-2025-39984

In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...

CVE-2025-40000

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89coretxkickoffandwait There is a bug observed when rtw89coretxkickoffandwait tries to access already freed skbdata: BUG: KFENCE: use-after-free write in rtw89coretxkickoffandwait...

CVE-2025-39984

In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to update napi-skb after XDP processing, which could lead to reuse after release...

kernel: net: usb: smsc75xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...

kernel: skbuff: Fix a race between coalescing and releasing SKBs

In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 "skbuff: fix coalescing for pagepool fragment recycling" allowed coalescing to proceed with non page pool page and page pool page when @from is cloned,...

kernel: skbuff: Fix a race between coalescing and releasing SKBs

In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 "skbuff: fix coalescing for pagepool fragment recycling" allowed coalescing to proceed with non page pool page and page pool page when @from is cloned,...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 9 : kernel (RHSA-2025:17734)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17734 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netsched: hfsc: Fix a potenti...

EUVD-2025-31854

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and...

SUSE CVE-2023-53685

In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...

EUVD-2025-32773

In the Linux kernel, the following vulnerability has been resolved: tcp: fix skbcopyubufs vs BIG TCP David Ahern reported crashes in skbcopyubufs caused by TCP tx zerocopy using hugepages, and skb length bigger than 68 KB. skbcopyubufs assumed it could copy all payload using up to MAXSKBFRAGS...