80 matches found
DEBIAN-CVE-2022-50206
In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insnemulation sysctls emulationprochandler changes table-data for procdointvecminmax and can generate the following Oops if called concurrently with itself: | Unable to handle kernel NULL...
UBUNTU-CVE-2022-50206
In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insnemulation sysctls emulationprochandler changes table-data for procdointvecminmax and can generate the following Oops if called concurrently with itself: | Unable to handle kernel NULL...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: authenable: avoid using current-nsproxy As mentioned in a previous commit of this series, using the net structure via current is not recommended for various reasons: - Inconsistency: obtaining information from the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release. The drvdata is not available in release. Let’s simply use containerof to obtain the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blkmqfreetagset+0x1f/0xb...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release. The drvdata is not available in the release version. We should use containerof to obtain the umlnet instance. Otherwise, removing a network device will result in a crash: RIP:...
SUSE CVE-2025-21636
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtudprobeinterval: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info fro...
SUSE CVE-2025-21637
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udpport: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
AZL-57223 CVE-2025-21636 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtudprobeinterval: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info fro...
DEBIAN-CVE-2025-21639
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rtomin/max: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
AZL-57232 CVE-2025-21640 affecting package kernel for versions less than 5.15.179.1-1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookiehmacalg: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
AZL-57228 CVE-2025-21638 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: authenable: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
AZL-57225 CVE-2025-21639 affecting package kernel for versions less than 5.15.179.1-1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rtomin/max: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
UBUNTU-CVE-2025-21636
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtudprobeinterval: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info fro...
CVE-2025-21641 mptcp: sysctl: blackhole timeout: avoid using current->nsproxy
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: blackhole timeout: avoid using current-nsproxy As mentioned in the previous commit, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
CVE-2025-21637 sctp: sysctl: udp_port: avoid using current->nsproxy
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udpport: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
PT-2025-4322 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns the Linux kernel, specifically the mptcp subsystem and its handling of the blackhole timeout via sysctl. The problem arises from using the net structure via current,...
SUSE CVE-2024-53181
In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the vectordevice instance. Otherwise, removing a vector device will result in a crash: RIP:...
SUSE CVE-2024-53183
In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the umlnet instance. Otherwise, removing a network device will result in a crash: RIP:...
SUSE CVE-2024-53184
In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blkmqfreetagset+0x1f/0xba RSP:...
DEBIAN-CVE-2024-53181
In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the vectordevice instance. Otherwise, removing a vector device will result in a crash: RIP:...