1251 matches found
UBUNTU-CVE-2025-37920
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AFXDP generic RX path Move rxlock from xsksocket to xskbuffpool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xskbuffpool. RX queue is exclusive to...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failure to re-queue skb on wakeup failure, which could lead to a memory leak...
kernel: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
A use-after-free vulnerability was found in the Linux kernel. The Bluetooth firmware isn't checked if skb contains an ACL header, otherwise the code may attempt to access some uninitialized or invalid memory past the valid skb-data...
kernel: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211dostop Since 'devqueuexmit' should be called with interrupts enabled, the following backtrace: ieee80211dostop ... spinlockirqsave&local-queuestopreasonlock, flags...
kernel: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9khtc: Use skbsetlength for resetting urb before resubmit Syzbot points out that skbtrim has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly ju...
SUSE CVE-2022-49809
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25lapbreceiveframe x25lapbreceiveframe using skbcopy to get a private copy of skb, the new skb should be freed in the undersized/fragmented skb error handling path. Otherwise there is a memory leak...
SUSE CVE-2022-49924
In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdpncisend fdpncisend will call fdpncii2cwrite that will not free skb in the function. As a result, when fdpncii2cwrite finished, the skb will memleak. fdpncisend should free skb after...
PT-2025-22220
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue occurs when bpf redirect peer is used to redirect packets to a device in another network namespace, and the packet is not...
SUSE CVE-2022-49921
In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in redenqueue We can't use "skb" again after passing it to qdiscenqueue. This is basically identical to commit 2f09707d0c97 "schsfb: Also store skb len before calling child enqueue"...
Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
...
SUSE CVE-2023-53068
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory content...
CVE-2023-53141
In the Linux kernel, the following vulnerability has been resolved: ila: do not generate empty messages in ilaxlatnlcmdgetmapping ilaxlatnlcmdgetmapping generates an empty skb, triggerring a recent sanity check 1. Instead, return an error code, so that user space can get it. 1 skbassertlen WARNIN...
CVE-2023-53125
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...
CVE-2023-53107
In the Linux kernel, the following vulnerability has been resolved: veth: Fix use after free in XDPREDIRECT Commit 718a18a0c8a6 "veth: Rework vethxdprcvskb in order to accept non-linear skb" introduced a bug where it tried to use pskbexpandhead if the headroom was less than XDPPACKETHEADROOM. Thi...
CVE-2023-53062
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory conten...
CVE-2023-53125
In CVE-2023-53125, the Linux kernel vulnerability is in the net: usb: smsc75xx driver. The issue stems from retrieving the packet length from skb data, which can be larger than the actual socket buffer length, allowing a cloned skb to expose kernel memory contents. Affects the kernel USB SMSC75xx...
CVE-2023-53062
Summary (CVE-2023-53062) : Affects the Linux kernel in the usb SMSC95xx driver. The vulnerability arises when the packet length retrieved from a descriptor may exceed the actual skb length, allowing a cloned skb to leak kernel memory contents as it traverses the network stack. The issue is docume...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the erspan driver's incorrect use of skbmacheader in ndostartxmit, which could lead to memory access errors...
PT-2025-18826 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been identified where the packet length retrieved from a descriptor may be larger than the actual socket buffer length. This can cause the cloned socket...
PT-2025-18889
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been identified where the packet length retrieved from skb data may be larger than the actual socket buffer length, potentially leading to a leak of kerne...