CVE-2025-40080 nbd: restrict sockets to TCP and UDP

In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 "nbd: verify socket is supported during setup" made sure the socket supported a shutdown method. Explicitel...

EUVD-2025-36448

In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 "nbd: verify socket is supported during setup" made sure the socket supported a shutdown method. Explicitel...

CVE-2025-40080

CVE-2025-40080 affects the Linux kernel NBD subsystem, where sockets were restricted to TCP/UDP. The root cause was mitigated by a commit that verifies the socket type during setup and ensures the socket supports shutdown(), explicitly accepting TCP and UNIX stream sockets. Public advisories indi...

CVE-2025-40080 nbd: restrict sockets to TCP and UDP

In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 "nbd: verify socket is supported during setup" made sure the socket supported a shutdown method. Explicitel...

CVE-2025-40053 net: dlink: handle copy_thresh allocation failure

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle failure of netdevallocskbipalign. If the allocation failed, dereferencing skb-protocol could lead to a NULL pointer dereference. This patch tries to...

EUVD-2025-36475

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle failure of netdevallocskbipalign. If the allocation failed, dereferencing skb-protocol could lead to a NULL pointer dereference. This patch tries to...

Linux Distros Unpatched Vulnerability : CVE-2025-40080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 nbd: verify socket is supported during...

Linux Distros Unpatched Vulnerability : CVE-2025-40078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Explicitly check accesses to bpfsockaddr Syzkaller found a kernel warning on the following sockaddr program: 0: r0 = 0 1: r2 = u32 r1 +60 2: exit which...

kernel: vsock/virtio: Validate length in packet header before skb_put()

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtiovsockskbrxput. Unfortunately, virtiovsockskbrxput uses the length...

kernel: vsock/virtio: Validate length in packet header before skb_put()

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtiovsockskbrxput. Unfortunately, virtiovsockskbrxput uses the length...

Siemens SIMATIC Devices Improper Input Validation (CVE-2025-21756)

vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind and those implicitly bound through autobind during connect. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-58009)

Bluetooth: L2CAP: handle NULL sock pointer in l2capsockalloc This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503503; scriptversion"1.2";...

Siemens SIMATIC Devices Improper Restriction of Communication Channel to Intended Endpoints (CVE-2024-35884)

In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx- udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause various issues and...

Linux Distros Unpatched Vulnerability : CVE-2025-39987

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit...

openSUSE Security Advisory (SUSE-SU-2025:3794-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 43 Update: python-socketio-5.14.2-1.fc43

Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...

[SECURITY] Fedora 43 Update: podman-tui-1.9.0-1.fc43

podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environm ent and SSH to connect to remote podman machines...

SUSE SLED15: chrony / chrony-pool-empty / chrony-pool-openSUSE / etc (SUSE-SU-2025:3794-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3794-1 advisory. - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root...

EUVD-2022-54538

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was findin...

Security update for chrony

This update for chrony fixes the following issues: Race condition during socket creation by chronyc allows privilege escalation from user chrony to root bsc1246544. This update also ships chrony-pool-empty to SLE Micro 5.x jscSMO-587 Patch Instructions: To install this SUSE update use the SUSE...