Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2025-71098 ip6_gre: make ip6gre_header() robust

In the Linux kernel, the following vulnerability has been resolved: ip6gre: make ip6greheader robust Over the years, syzbot found many ways to crash the kernel in ip6greheader 1. This involves team or bonding drivers ability to dynamically change their dev-neededheadroom and/or dev-hardheaderlen ...

CVE-2025-71098 ip6_gre: make ip6gre_header() robust

In the Linux kernel, the following vulnerability has been resolved: ip6gre: make ip6greheader robust Over the years, syzbot found many ways to crash the kernel in ip6greheader 1. This involves team or bonding drivers ability to dynamically change their dev-neededheadroom and/or dev-hardheaderlen ...

CVE-2025-71086

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rosekillbydevice rosekillbydevice collects sockets into a local array and then iterates over them to disconnect sockets bound to a device being brought down. The loop mistakenly indexes...

CVE-2025-71086 net: rose: fix invalid array index in rose_kill_by_device()

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rosekillbydevice rosekillbydevice collects sockets into a local array and then iterates over them to disconnect sockets bound to a device being brought down. The loop mistakenly indexes...

CVE-2025-71086

Technical details for CVE-2025-71086 are not publicly available in the provided documents. Monitor for updates from official advisories; the initial description mentions a Linux kernel fix in net rose_kill_by_device but no product/version specifics are provided here.

CVE-2025-71086 net: rose: fix invalid array index in rose_kill_by_device()

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rosekillbydevice rosekillbydevice collects sockets into a local array and then iterates over them to disconnect sockets bound to a device being brought down. The loop mistakenly indexes...

CVE-2025-68813 ipvs: fix ipv4 null-ptr-deref in route error path

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...

CVE-2025-68775 net/handshake: duplicate handshake cancellations leak socket

In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshakenet-hnrequests list, but it is still present in the handshakerhashtbl until it is destroyed. If a...

CVE-2025-68775

CVE-2025-68775 concerns the Linux kernel, specifically the net/handshake cancellation path. The flaw arises when a handshake request is cancelled twice: the first cancellation removes the request from handshake_net->hn_requests but leaves it in handshake_rhashtbl; a second cancellation can cau...

CVE-2025-68775 net/handshake: duplicate handshake cancellations leak socket

In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshakenet-hnrequests list, but it is still present in the handshakerhashtbl until it is destroyed. If a...

CVE-2025-68776

CVE-2025-68776 affects the Linux kernel path in net/hsr where prp_get_untagged_frame() uses __pskb_copy() to build frame->skb_std. If __pskb_copy() returns NULL (allocation failure), skb_clone() is called on NULL, causing a crash (general protection fault) as described in the CVE description. ...

CVE-2025-68775

In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshakenet-hnrequests list, but it is still present in the handshakerhashtbl until it is destroyed. If a...

CVE-2025-68776 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

CVE-2025-68768

In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdirpreexit We have been seeing occasional deadlocks on pernetopsrwsem since September in NIPA. The stuck task was usually modprobe often loading a driver like ipvlan, trying to take the lock a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: etases58x: It is necessary to populate ndochangemtu to prevent buffer overflows. Sending a PFPACKET allows bypassing the CAN framework logic and directly reaching the xmit function of a CAN driver. The only check performed by the...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: The can: hi311x module has corrected the ndochangemtu function to prevent buffer overflows. Sending a PFPACKET allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only check...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Fixed the detection of protocol fallback using BPF. The sockmap feature allows for BPF syscall from user space, or based on BPF sockops, replacing the skprot of sockets during protocol stack processing with sockmap’s...

kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free

A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to refresh pending skb's in fqdirpreexit, which could lead to a deadlock...