27 matches found
CVE-2026-10643
Zephyr's IP socket recvmsg implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo) validated the user-supplied ancillary msg_control buffer using only the payload length msg->msg_controllen pktinfo_len before writing a full control message consisting of an aligned cmsg header plus the...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fixed a memory leak in rds_recvmsg. Syzbot reported a memory leak in rds. The problem occurred when the reference count was not decremented in case of an error. The function rds_recvmsg(struct socket *sock, struct msghdr *ms...
PT-2026-47608
Name of the Vulnerable Software and Affected Versions: Netty affected versions not specified Description: A file descriptor leak occurs in the netty_unix_socket_recvFd function when a peer sends two file descriptors simultaneously via an SCM_RIGHTS control message. The system allocates a control...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002818)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002818 advisory. The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003510)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003510 advisory. In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leadin...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002802)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002802 advisory. The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000639)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000639 advisory. The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive...
ROS-20260113-7319
A vulnerability in the ip_cmsg_recv function of the Linux operating system kernel is related to information disclosure due to discrepancies. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...
MAL-2025-14768 Malicious code in arc-branch-to-cmsg (npm)
The package arc-branch-to-cmsg was found to contain malicious code...
Malicious code in arc-branch-to-cmsg (npm)
The package arc-branch-to-cmsg was found to contain malicious code...
The vulnerability of the ip_cmsg_recv() function in the Linux operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the ip_cmsg_recv function in the Linux operating system is related to the disclosure of information due to discrepancies. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Malicious code in branch-to-cmsg (npm)
MAL-2024-1838 Malicious code in branch-to-cmsg (npm)
CVE-2023-52701
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb->mark. syzbot found arm64 builds would crash in sock_recv_mark() when CONFIG_HARDENED_USERCOPY=y. x86 and powerpc are not detecting the issue because they define user_access_begin. This will be handl...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.323.8.el7 - vhost-scsi: Fix alignment handling with windows Mike Christie Orabug: 35769318 - Revert 'vhost/scsi: support non zerocopy iovecs' Rajan Shanmugavelu Orabug: 35769318 5.4.17-2136.323.7.el7 - x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl Andrea...
Malicious Package
Overview: branch-to-cmsg is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
SUSE CVE-2017-6347
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated b...
PT-2024-11256 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak has been resolved in the Linux kernel, specifically in the rds_recvmsg function. The issue was caused by an unputted refcount in case of error. When rds_cmsg_recv fails,...
kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rds_atomic_free_op and thus to a system panic...
DEBIAN-CVE-2018-5333
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference...