Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a call to kfreeskb when allocskb fails in x25queuerxframe, which can be exploited b...

EUVD-2025-5151

Malicious code in bioql PyPI...

EUVD-2025-5157

Malicious code in bioql PyPI...

SUSE CVE-2025-21758

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mldnewpack mldnewpack can be called without RTNL or RCU being held. Note that we no longer can use sockallocsendskb because ipv6.igmpsk uses GFPKERNEL allocations which can sleep. Instead use...

SUSE CVE-2025-21759

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

CVE-2025-21758

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mldnewpack mldnewpack can be called without RTNL or RCU being held. Note that we no longer can use sockallocsendskb because ipv6.igmpsk uses GFPKERNEL allocations which can sleep. Instead use...

CVE-2025-21759 ipv6: mcast: extend RCU protection in igmp6_send()

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

CVE-2025-21758

CVE-2025-21758 : Linux kernel vulnerability where ipv6 multicast handling (mld_newpack) could be called without RTNL or RCU protection. The fix adds RCU protection to mld_newpack and changes allocations from GFP_KERNEL to alloc_skb, charging the net->ipv6.igmp_sk socket under RCU protection. P...

CVE-2022-48830 can: isotp: fix potential CAN frame reception race in isotp_rcv()

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotprcv When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage. Ziyang Xuan writes: The...

CVE-2023-52772 af_unix: fix use-after-free in unix_stream_read_actor()

In the Linux kernel, the following vulnerability has been resolved: afunix: fix use-after-free in unixstreamreadactor syzbot reported the following crash 1 After releasing unix socket lock, u-oobskb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...