Lucene search
+L

258 matches found

RedHat Linux
RedHat Linux
added 2025/10/29 12:20 a.m.10 views

kernel: sctp: linearize cloned gso packets in sctp_rcv

A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...

7.8CVSS5.8AI score0.00151EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/10/29 12:20 a.m.7 views

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS7.1AI score0.00178EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.2 views

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21640)

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookiehmacalg: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

5.5CVSS6.1AI score0.00229EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986648)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986648 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skbheaderpointer returns NULL in sctprcvootb We should always check if...

5.5CVSS6.1AI score0.00251EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.1 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-436290)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-436290 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseportaddsock. syzbot reported a null-ptr-deref while accessing...

5.5CVSS6.1AI score0.00226EPSS
Exploits0References3
OSV
OSV
added 2025/10/06 1:37 p.m.6 views

RLSA-2025:16919 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: netsched: hfsc: Fix a UAF vulnerability in class handling CVE-2025-37797 kernel: firmware: armscpi: Ensure...

7.5CVSS6.5AI score0.00178EPSS
Exploits0References5
OSV
OSV
added 2025/09/29 12:0 a.m.8 views

ALSA-2025:16920 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: netsched: hfsc: Fix a UAF vulnerability in class...

7.8CVSS7.2AI score0.00178EPSS
Exploits0References10
AlmaLinux
AlmaLinux
added 2025/09/29 12:0 a.m.6 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: netsched: hfsc: Fix a UAF vulnerability in class handling CVE-2025-37797 kernel: firmware: armscpi: Ensure...

7.8CVSS7.9AI score0.00178EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/09/22 12:0 a.m.2 views

CentOS 9 : kernel-5.14.0-617.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the kernel-5.14.0-617.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares...

7.8CVSS6AI score0.00151EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/09/20 8:8 a.m.4 views

sctp: initialize more fields in sctp_v6_from_sk()

...

5.5CVSS6.8AI score0.0016EPSS
Exploits0
OSV
OSV
added 2025/09/16 1:15 p.m.8 views

AZL-74706 CVE-2025-39812 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctpv6fromsk syzbot found that sin6scopeid was not properly initialized, leading to undefined behavior. Clear sin6scopeid and sin6flowinfo. BUG: KMSAN: uninit-value in sctpv6cmpaddr+0x887/0x8c0...

5.5CVSS5.6AI score0.0016EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 1:0 p.m.4 views

CVE-2025-39812 sctp: initialize more fields in sctp_v6_from_sk()

In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctpv6fromsk syzbot found that sin6scopeid was not properly initialized, leading to undefined behavior. Clear sin6scopeid and sin6flowinfo. BUG: KMSAN: uninit-value in sctpv6cmpaddr+0x887/0x8c0...

5.5CVSS6AI score0.0016EPSS
Exploits0References14
Cvelist
Cvelist
added 2025/09/15 2:1 p.m.6 views

CVE-2022-50243 sctp: handle the error returned from sctp_auth_asoc_init_active_key

In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctpauthasocinitactivekey When it returns an error from sctpauthasocinitactivekey, the activekey is actually not updated. The old shkey will be freeed while it's still used as active key in...

0.0015EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2025/09/06 8:1 a.m.8 views

sctp: linearize cloned gso packets in sctp_rcv

...

7.8CVSS7AI score0.00151EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/09/04 3:33 p.m.12 views

CVE-2025-38718 sctp: linearize cloned gso packets in sctp_rcv

In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs...

6.6AI score0.00151EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.6 views

PT-2025-35991

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of cloned GSO Generic Segmentation Offload packets within the SCTP Stream Control Transmission Protocol stack. Specifically, a...

7.8CVSS6.3AI score0.00151EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.6 views

The vulnerability of the sctp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the sctp component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00207EPSS
Exploits0References15Affected Software8
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.7 views

The vulnerability of the sctp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the sctp component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00207EPSS
Exploits0References15Affected Software8
BDU FSTEC
BDU FSTEC
added 2025/05/28 12:0 a.m.6 views

The vulnerability of the sctp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the sctp component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00224EPSS
Exploits0References15Affected Software9
BDU FSTEC
BDU FSTEC
added 2025/05/09 12:0 a.m.6 views

The vulnerability of the sctp_sf_do_dupcook_a() function in the net/sctp/sm_statefuns.c module of the SCTP protocol implementation in the Linux operating system allows a attacker to cause a service failure.

The vulnerability of the sctpsfdodupcooka function in the net/sctp/smstatefuns.c module of the Linux operating system’s SCTP protocol implementation is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8CVSS6.7AI score0.0025EPSS
Exploits0References19Affected Software2
Rows per page
Query Builder