CVE-2026-53292

The CVE concerns the Linux kernel phonet code path where pn_socket_autobind() could trigger a kernel BUG_ON() when a failed bind returns -EINVAL but pn_port() remains 0. The root cause is that pn_socket_bind() could return -EINVAL when sk->sk_state is not TCP_CLOSE even if the socket was never...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Set skstate back to CLOSED if autobind fails in sctplistenstart. In sctplistenstart called by sctpinetlisten, it should set skstate back to CLOSED if sctpautobind fails for any reason. Otherwise, the next time...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY. It is possible for a vsock to automatically bind itself to VMADDRPORTANY. This can lead to a “use-after-free” issue when a connection is made to the bound socket. The socket returned ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ip: Fixed a data race related to sysctlipautobindreuse. When reading sysctlipautobindreuse, it can be changed concurrently. Therefore, we need to add READONCE to its reader function...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005562)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005562 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: set skstate back to CLOSED if autobind fails in sctplistenstart In sctplistenstart invoked ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989633)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989633 advisory. In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctlipautobindreuse. While reading sysctlipautobindreuse, it can be...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987176)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987176 advisory. In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctlipautobindreuse. While reading sysctlipautobindreuse, it can be...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-385515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-385515 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: set skstate back to CLOSED if autobind fails in sctplistenstart In sctplistenstart invoked ...

EUVD-2025-11176

Malicious code in bioql PyPI...

EUVD-2025-26085

Malicious code in bioql PyPI...

ax25: Remove broken autobind

...

CVE-2025-38618 vsock: Do not allow binding to VMADDR_PORT_ANY

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...

CVE-2025-38618 vsock: Do not allow binding to VMADDR_PORT_ANY

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...

CVE-2025-38618

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...

Linux Distros Unpatched Vulnerability : CVE-2025-22109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memo...

SUSE CVE-2025-22109

In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...

CVE-2025-22109

In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...

DEBIAN-CVE-2025-22109

In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...

AZL-62531 CVE-2025-22109 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...

AZL-69599 CVE-2025-22109 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...