18 matches found
SUSE CVE-2026-31663
In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK After async crypto completes, xfrminputresume calls devput immediately on re-entry before the skb reaches transportfinish. The skb-dev pointer is then used inside NFHOOK and i...
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK After async crypto completes, xfrminputresume calls devput immediately on re-entry before the skb reaches transportfinish. The skb-dev pointer is then used inside NFHOOK and i...
CVE-2026-31663
The CVE-2026-31663 vulnerability affects the Linux kernel xfrm subsystem, where a race between asynchronous crypto completion and device teardown could lead to using a freed dev reference. The fix changes the reference handling: the dev ref is no longer released on async resume entry and is inste...
CVE-2026-31663
In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK After async crypto completes, xfrminputresume calls devput immediately on re-entry before the skb reaches transportfinish. The skb-dev pointer is then used inside NFHOOK and i...
EUVD-2026-25556
In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK After async crypto completes, xfrminputresume calls devput immediately on re-entry before the skb reaches transportfinish. The skb-dev pointer is then used inside NFHOOK and i...
CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, espoutputtailtcp will return an error and not free the skb, because with synchronous crypto, the common xfrm output code will drop the packe...
SUSE-SU-2026:20852-1 Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues The following security issues were fixed: - CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. - CVE-2025-40258: mptcp: fix race condition in mptcpschedulewor...
Security update for the Linux Kernel (Live Patch 66 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.250 fixes various security issues The following security issues were fixed: CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant...
smb: client: fix use-after-free in crypt_message when using async crypto
...
AZL-73458 CVE-2025-38488 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...
DEBIAN-CVE-2025-38488
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...
PT-2025-31084
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free condition exists in the SMB client within the Linux kernel's crypt message function when asynchronous cryptography is utilized. The initial fix for CVE-2024-50047 remove...
kernel: tipc: force a dst refcount before doing decryption
A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...
kernel: tipc: force a dst refcount before doing decryption
A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...
kernel: tipc: force a dst refcount before doing decryption
A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...
SUSE CVE-2024-40983
In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 "xfrm: Force a dst refcount before entering the xfrm type handlers": "Crypto requests might return asynchronous. In this case we leave the rcu...
kernel: tls: race between async notify and socket close
A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...
DEBIAN-CVE-2024-26584
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...