11 matches found
EUVD-2026-32384
In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...
CVE-2026-45918
In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...
UBUNTU-CVE-2026-45918
In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...
CVE-2026-45918
The CVE-2026-45918 entry describes a race condition in the Linux kernel related to OpenVPN keepalive processing. When a peer is removed from the hashtable and placed on a release list, the code detaches from the socket by restoring the original protocol and socket callbacks. If userspace closes t...
CVE-2026-45918 ovpn: tcp - don't deref NULL sk_socket member after tcp_close()
In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...
CVE-2026-43216
In the Linux kernel, the following vulnerability has been resolved: net: Drop the lock in skbmaytxtimestamp skbmaytxtimestamp may acquire sock::skcallbacklock. The lock must not be taken in IRQ context, only softirq is okay. A few drivers receive the timestamp via a dedicated interrupt and comple...
CVE-2026-43216
In the Linux kernel, the following vulnerability has been resolved: net: Drop the lock in skbmaytxtimestamp skbmaytxtimestamp may acquire sock::skcallbacklock. The lock must not be taken in IRQ context, only softirq is okay. A few drivers receive the timestamp via a dedicated interrupt and comple...
CVE-2026-23179
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmettcplistendataready When the socket is closed while in TCPLISTEN a callback is run to flush all outstanding packets, which in turns calls nvmettcplistendataready with the skcallbacklock held. So we ne...
CVE-2026-23179 nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmettcplistendataready When the socket is closed while in TCPLISTEN a callback is run to flush all outstanding packets, which in turns calls nvmettcplistendataready with the skcallbacklock held. So we ne...
DEBIAN-CVE-2024-26731
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready syzbot reported the following NULL pointer dereference issue 1: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:0x0 ... Call Trac...
UBUNTU-CVE-2024-26731
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready syzbot reported the following NULL pointer dereference issue 1: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:0x0 ... Call Trac...