9 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007224)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007224 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS...
MiracleLinux 7 : nss-3.28.4-12.el7 (AXSA:2017-2308:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2308:05 advisory. A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw ...
CVE-2025-47917
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtlsx509stringtonames takes a head argument that is documented as an output argument. The documentation does not suggest that the function...
LSN-0108-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2024-2140)
"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted...
kernel: tls: use-after-free with partial reads and async decrypt
A use-after-free vulnerability was found in the tls subsystem of the Linux kernel. The tlsdecryptsg function doesn't take references on the pages from clearskb, so the putpage in tlsdecryptdone releases them and a use-after-free can be triggered in processrxlist when trying to read from the...
UBUNTU-CVE-2021-47131
In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tlsdevicedown is called to stop the offload and tear down the TLS context. However, the socket stays alive, and it...
SUSE CVE-2024-26582
In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2021:0068-1)
This update for nodejs12 fixes the following issues : New upstream LTS version 12.20.1 : - CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object ...