8 matches found
kernel: xfrm: interface: fix use-after-free after changing collect_md xfrm interface
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...
can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode
...
SUSE CVE-2025-38500
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...
AZL-66246 CVE-2025-38500 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...
CVE-2025-38500 xfrm: interface: fix use-after-free after changing collect_md xfrm interface
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...
CVE-2025-38500
CVE-2025-38500 : In the Linux kernel, a use-after-free could occur when changing xfrm interface collect_md state via xfrmi_changelink(), because the collect_md interface could be placed in both xfrmi_net and collect_md_xfrmi structures. The fix uses the xi from netdev_priv earlier in the path to ...
kernel: vlan: fix memory leak in vlan_newlink()
In the Linux kernel, the following vulnerability has been resolved: vlan: fix memory leak in vlannewlink Blamed commit added back a bug I fixed in commit 9bbd917e0bec "vlan: fix memory leak in vlandevsetegresspriority" If a memory allocation fails in vlanchangelink after other allocations...
PullString: Eternal "change password" link.
Hi. Link for password change does not exprire after first use and may be reused many times, resulting password change every time. The issue is such links leak to google-analytics. I'd suggest expire link after first use. Also you store the link in Log output. This means easy leveraging XSS to...