23 matches found
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021642)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021642 advisory. In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tptunnelregister The code in l2tptunnelregister is racy in...
CVE-2026-43164
A flaw was found in the Linux kernel's UDP-Lite User Datagram Protocol-Lite implementation. An issue during the initialization of UDP-Lite sockets can lead to a null-pointer dereference in the udpenqueuescheduleskb function. This vulnerability could allow an attacker to trigger a system crash,...
CVE-2026-43164 udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb().
In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...
EUVD-2023-59700
Malicious code in bioql PyPI...
CVE-2023-53088
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...
CVE-2023-53088
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...
CVE-2023-53088 mptcp: fix UaF in listener shutdown
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...
CVE-2023-53072 mptcp: use the workqueue to destroy unaccepted sockets
In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after having refactored the passive socket initialization part: BUG: KASAN: use-after-free in tokenbucketbusy+0x253/0x260 Read o...
CVE-2023-53020
In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tptunnelregister The code in l2tptunnelregister is racy in several ways: 1. It modifies the tunnel socket after publishing it. 2. It calls setupudptunnelsock on an existing socket without...
DEBIAN-CVE-2023-53020
In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tptunnelregister The code in l2tptunnelregister is racy in several ways: 1. It modifies the tunnel socket after publishing it. 2. It calls setupudptunnelsock on an existing socket without...
CVE-2023-53020
CVE-2023-53020 affects the Linux kernel: l2tp_tunnel_register() contains race conditions that modify the tunnel socket after publishing, call setup_udp_tunnel_sock() on an existing socket without locking, and change sock lock class on the fly. A patch fixes these by initializing the socket before...
CVE-2023-53020 l2tp: close all race conditions in l2tp_tunnel_register()
In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tptunnelregister The code in l2tptunnelregister is racy in several ways: 1. It modifies the tunnel socket after publishing it. 2. It calls setupudptunnelsock on an existing socket without...
CVE-2023-53020
In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tptunnelregister The code in l2tptunnelregister is racy in several ways: 1. It modifies the tunnel socket after publishing it. 2. It calls setupudptunnelsock on an existing socket without...
CVE-2023-53020 l2tp: close all race conditions in l2tp_tunnel_register()
In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tptunnelregister The code in l2tptunnelregister is racy in several ways: 1. It modifies the tunnel socket after publishing it. 2. It calls setupudptunnelsock on an existing socket without...
CVE-2024-56606 af_packet: avoid erroring out after sock_init_data() in packet_create()
In the Linux kernel, the following vulnerability has been resolved: afpacket: avoid erroring out after sockinitdata in packetcreate After sockinitdata the allocated sk object is attached to the provided sock object. On error, packetcreate frees the sk object leaving the dangling pointer in the so...
kernel: Bluetooth: bnep: fix wild-memory-access in proto_unregister
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...
kernel: mptcp: fix UaF in listener shutdown
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...
kernel: mptcp: fix UaF in listener shutdown
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...
PT-2025-13366 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the l2tp tunnel register function. The issue involved several race conditions, including modifying the tunnel...