CVE-2025-40175

CVE-2025-40175 affects the Linux kernel driver for idpf in PTP timestamping. The issue arises when cloning an SKB (skb_get) to latch a Tx timestamp: the K/U may increment the SKB refcount, and under certain conditions the SKB is assigned but not consumed in PTP flows (e.g., due to a reset during ...

CVE-2025-40176 tls: wait for pending async decryptions if tls_strp_msg_hold fails

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

CVE-2025-40175

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...

CVE-2025-40175 idpf: cleanup remaining SKBs in PTP flows

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...

CVE-2025-40168

CVE-2025-40168 : In the Linux kernel, smc_clc_prfx_match() was using sk_dst_get(sk)->dev, which could trigger a use-after-free since smc_listen_work() is not under RCU/RTNL. The fix switches to __sk_dst_get() and dst_dev_rcu() to safely obtain the device. Note: the function’s return value is n...

CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

CVE-2025-40149

CVE-2025-40149 affects the Linux kernel TLS path: get_netdev_for_sock() could trigger a use-after-free if sk_dst_get(sk)->dev is used during setsockopt(). The fix replaces sk_dst_get() with __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(), and notes that the only user of ->ndo_sk_g...

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

EUVD-2025-124243

Malicious code in npm-event-socketio-pavo npm...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from failure to clear the conn-sk pointer, which could lead to reuse after release...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from idpf's failure to clean up the remaining SKBs in a PTP stream, which could lead to a memory leak...

Linux Distros Unpatched Vulnerability : CVE-2025-40175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one o...

EulerOS 2.0 SP12 : cloud-init (EulerOS-SA-2025-2348)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...

EulerOS 2.0 SP12 : cloud-init (EulerOS-SA-2025-2317)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...

Linux Distros Unpatched Vulnerability : CVE-2025-40139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smc: Use skdstget and dstdevrcu in in smcclcprfxset. smcclcprfxset is called during connect and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF...

kernel: virtio/vsock: Fix accept_queue memory leak

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...

kernel: rxrpc: Fix a race between socket set up and I/O thread creation

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpcopensocket, it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in...

kernel: Linux kernel: Denial of Service in xsk_diag due to use-after-free during socket cleanup

A flaw was found in the Linux kernel's xskdiag interface. This vulnerability, a use-after-free error, occurs when the xskdiag interface is used after a socket has been unbound from its device, such as during socket closure or device removal. A local attacker could exploit this flaw to cause a...

kernel: smc: Fix use-after-free in tcp_write_timer_handler()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...

kernel: tcp: drop secpath at the same time as we currently drop dst

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...