CVE-2023-53585 bpf: reject unhashed sockets in bpf_sk_assign

In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: sk = somelookupfunc bpfskassignskb, sk bpfskreleasesk That is, the sk is not consumed by bpfskassign. The function therefore needs to make...

CVE-2023-53585 bpf: reject unhashed sockets in bpf_sk_assign

In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: sk = somelookupfunc bpfskassignskb, sk bpfskreleasesk That is, the sk is not consumed by bpfskassign. The function therefore needs to make...

CVE-2023-53578

Linux kernel CVE-2023-53578 affects the qrtr path, where an uninit access occurs in qrtr_tx_resume() due to skb->len potentially being smaller than sizeof(struct qrtr_ctrl_pkt) when QRTR_TYPE_RESUME_TX is processed. The vulnerability arises in qrtr_endpoint_post() during syzbot scenarios, trig...

CVE-2023-53578 net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230...

CVE-2023-53578 net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230...

CVE-2023-53559 ip_vti: fix potential slab-use-after-free in decode_session6

In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipvti devic...

CVE-2023-53535 net: bcmgenet: Add a check for oversized packets

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from the hardware which exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid...

CVE-2022-50476

The CVE-2022-50476 issue concerns ntb_netdev in the Linux kernel where TX/RX callback handlers can run in interrupt context via the DMA framework. The root cause was calling the interrupt-unsafe dev_kfree_skb() from ntb_netdev_tx_handler() and ntb_netdev_rx_handler(); the fix uses the interrupt-c...

EUVD-2025-32391

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...

CVE-2025-39946

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...

CVE-2025-39950

CVE-2025-39950 pertains to the Linux kernel: a NULL pointer dereference can occur in net/tcp when TCP-AO is used with TCP_REPAIR during connect(), due to dereferencing skb without null-check in tcp_ao_finish_connect(). The vulnerability affects code paths where a TCP-AO key is present and TCP_REP...

CVE-2025-39946 tls: make sure to abort the stream if headers are bogus

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...

CVE-2025-39946 tls: make sure to abort the stream if headers are bogus

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...

PT-2025-40720

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to uninitialized variable access within the qrtr tx resume function. The issue occurs due to an insufficient size check in qrtr endpoint post whe...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not verifying that skb is null, which could lead to a null pointer dereference...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of an unsafe skb release function in an interrupt context, which could lead to kernel warnings and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not setting the cb field of the skb to 0 before sending a packet, which could lead to reuse after release...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the assumption that skb macheader has been set, which could lead to a null pointer dereference...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not removing timers and freeing skb queues, which could lead to a crash and memory leak...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unrejected unhashed socket that could lead to the use of a freed socket...