1251 matches found
CVE-2023-53559
In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipvti devic...
UBUNTU-CVE-2023-53559
In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipvti devic...
CVE-2023-53601 bonding: do not assume skb mac_header is set
In the Linux kernel, the following vulnerability has been resolved: bonding: do not assume skb macheader is set Drivers must not assume in their ndostartxmit that skbs have their macheader set. skb-data is all what is needed. bonding seems to be one of the last offender as caught by syzbot:...
CVE-2023-53601 bonding: do not assume skb mac_header is set
In the Linux kernel, the following vulnerability has been resolved: bonding: do not assume skb macheader is set Drivers must not assume in their ndostartxmit that skbs have their macheader set. skb-data is all what is needed. bonding seems to be one of the last offender as caught by syzbot:...
CVE-2023-53600 tunnels: fix kasan splat when generating ipv4 pmtu error
In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in ipcomputecsum+0x134/0x220 Read of size 4 at addr ffff88811c50db00 by...
CVE-2023-53578
Linux kernel CVE-2023-53578 affects the qrtr path, where an uninit access occurs in qrtr_tx_resume() due to skb->len potentially being smaller than sizeof(struct qrtr_ctrl_pkt) when QRTR_TYPE_RESUME_TX is processed. The vulnerability arises in qrtr_endpoint_post() during syzbot scenarios, trig...
CVE-2023-53578 net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230...
CVE-2023-53578 net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230...
CVE-2023-53559 ip_vti: fix potential slab-use-after-free in decode_session6
In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipvti devic...
CVE-2023-53535 net: bcmgenet: Add a check for oversized packets
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from the hardware which exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid...
CVE-2022-50476
The CVE-2022-50476 issue concerns ntb_netdev in the Linux kernel where TX/RX callback handlers can run in interrupt context via the DMA framework. The root cause was calling the interrupt-unsafe dev_kfree_skb() from ntb_netdev_tx_handler() and ntb_netdev_rx_handler(); the fix uses the interrupt-c...
EUVD-2025-32391
In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...
CVE-2025-39946
In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...
CVE-2025-39950
CVE-2025-39950 pertains to the Linux kernel: a NULL pointer dereference can occur in net/tcp when TCP-AO is used with TCP_REPAIR during connect(), due to dereferencing skb without null-check in tcp_ao_finish_connect(). The vulnerability affects code paths where a TCP-AO key is present and TCP_REP...
CVE-2025-39946 tls: make sure to abort the stream if headers are bogus
In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...
CVE-2025-39946 tls: make sure to abort the stream if headers are bogus
In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not setting the cb field of the skb to 0 before sending a packet, which could lead to reuse after release...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of an unsafe skb release function in an interrupt context, which could lead to kernel warnings and...
PT-2025-40720
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to uninitialized variable access within the qrtr tx resume function. The issue occurs due to an insufficient size check in qrtr endpoint post whe...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not verifying that skb is null, which could lead to a null pointer dereference...