12626 matches found
CVE-2025-39852 net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 When tcpaocopyallmatching fails in tcpv6synrecvsock it just exits the function. This ends up causing a memory-leak: unreferenced object 0xffff0000281a8200 size...
CVE-2025-39852
CVE-2025-39852: Linux kernel TCP stack IPv6 TCP-AO path leaks memory when tcp_v6_syn_recv_sock() exits on error due to missing error-handling cleanup. The linked Astra/OpenSUSE advisories confirm the fix adds inet_csk_prepare_forced_close() and tcp_done() (as in the IPv4 path) to ensure the new s...
CVE-2025-39852 net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 When tcpaocopyallmatching fails in tcpv6synrecvsock it just exits the function. This ends up causing a memory-leak: unreferenced object 0xffff0000281a8200 size...
CVE-2025-39848
CVE-2025-39848 (Linux kernel) concerns ax25_kiss_rcv() potentially queuing/mangling input skbs when the skb is shared, leading to crashes in __netif_receive_skb_core() after a per-netns packet-chain change. The root cause is a lack of proper unsharing of skbs in ax25_kiss_rcv(), with a regression...
CVE-2025-39848
In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25kissrcv Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d "net: introduce per netns packet chains". skb-dev becomes NULL and we crash in netifreceiveskbcore. Before...
CVE-2025-39848 ax25: properly unshare skbs in ax25_kiss_rcv()
In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25kissrcv Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d "net: introduce per netns packet chains". skb-dev becomes NULL and we crash in netifreceiveskbcore. Before...
CVE-2025-39839 batman-adv: fix OOB read/write in network-coding decode
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadvncskbdecodepacket trusts codedlen and checks only against skb-len. XOR starts at sizeofstruct batadvunicastpacket, reducing payload headroom, and the source skb length...
USN-7758-4 linux-oracle-6.8 vulnerability
It was discovered that the AFUNIX socket garbage collection implementation in Ubuntu Noble's 6.8 kernel did not properly handle out-of-band OOB messages, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary...
USN-7758-3 linux-realtime vulnerability
It was discovered that the AFUNIX socket garbage collection implementation in Ubuntu Noble's 6.8 kernel did not properly handle out-of-band OOB messages, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary...
USN-7758-2 linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi vulnerability
It was discovered that the AFUNIX socket garbage collection implementation in Ubuntu Noble's 6.8 kernel did not properly handle out-of-band OOB messages, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to free an old skb when memory allocation fails in the padcompressskb function, which could lead...
Linux Distros Unpatched Vulnerability : CVE-2022-50409
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: If sock is dead don't access sock's skwq in skstreamwaitmemory Fixes the below NULL pointer dereference: ... 14.471200 Call Trace: 14.471562 14.471882...
Linux Distros Unpatched Vulnerability : CVE-2023-53426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xskdiag use-after-free error during socket cleanup Fix a use-after-free error that ...
SUSE CVE-2023-53383
In the Linux kernel, the following vulnerability has been resolved: irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 The T241 platform suffers from the T241-FABRIC-4 erratum which causes unexpected behavior in the GIC when multiple transactions are received simultaneously from different...
SUSE CVE-2023-53398
In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARNONONCE...
CVE-2023-53426
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xskdiag use-after-free error during socket cleanup Fix a use-after-free error that is possible if the xskdiag interface is used after the socket has been unbound from the device. This can happen either due to the socket...
CVE-2022-50405
In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all skuserdata reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after...
CVE-2022-50397
In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: reject zero-sized rawsendmsg syzbot is hitting skbassertlen warning at rawsendmsg for ieee802154 socket. What commit dc633700f00f726e "net/afpacket: check len when minheaderlen equals to 0" does also applies to...
CVE-2023-53394
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix crash on regular rq reactivation When the regular rq is reactivated after the XSK socket is closed it could be reading stale cqes which eventually corrupts the rq. This leads to no more traffic being received ...
CVE-2023-53384
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: avoid possible NULL skb pointer dereference In 'mwifiexhandleuaprxforward', always check the value returned by 'skbcopy' to avoid potential NULL pointer dereference in 'mwifiexuapqueuebridgedpkt', and drop original...