181 matches found
CVE-2026-43037
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...
CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...
CVE-2026-43038
In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach Sashiko AI-review observed: In ip6errgenicmpv6unreach, the skb is an outer IPv4 ICMP error packet where its cb contains an IPv4 inetskbparm. When skb is cloned into skb2 and...
CVE-2026-43038
CVE-2026-43038 affects the Linux kernel IPv6 ICMP error path. A forged IPv4 ICMP error with CIPSO options could cause ip6_err_gen_icmpv6_unreach() to misinterpret an inner IPv4 inet_skb_parm as an IPv6 parameter, allowing an offset misreference (dsthao) that could enable out-of-bounds or memory a...
CVE-2026-43037
CVE-2026-43037 affects the Linux kernel; vulnerability arises from ip4ip6_err() using a cloned skb where the IPv6 receive path writes cb[] as inet6_skb_parm, which is then misinterpreted as IPv4 inet_skb_parm by __ip_options_echo(), causing a potential data leak/compromise. The fix includes clear...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from targetcorefile not initializing the kiwritestream field of aiocmd-iocb, which could result in a write comman...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006979)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006979 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc ...
PT-2026-36454
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ip4ip6 err function where it calls icmp send using a cloned socket buffer skb containing cb data written as struct inet6 skb parm. The icmp send function passes...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005755)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005755 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument...
kernel: ip6_vti: fix slab-use-after-free in decode_session6
A use-after-free vulnerability was found in the IPv6 VTI Virtual Tunnel Interface implementation in the Linux kernel. When an IPv6 VTI device uses the SFB Stochastic Fair Blue qdisc, the control block cb field of an skb can be modified during packet enqueuing. The decodesession6 function then rea...
kernel: ip6_vti: fix slab-use-after-free in decode_session6
A use-after-free vulnerability was found in the IPv6 VTI Virtual Tunnel Interface implementation in the Linux kernel. When an IPv6 VTI device uses the SFB Stochastic Fair Blue qdisc, the control block cb field of an skb can be modified during packet enqueuing. The decodesession6 function then rea...
CVE-2026-23059
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by firmware is used to calculate the copy length into item-iocb. However, the iocb member is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992822)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992822 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2capreassemblesdu Fix the race condition between...
SUSE CVE-2025-68734
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusbprobe In hfcsusbprobe, the memory allocated for ctrlurb gets leaked when setupinstance fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also...
CVE-2023-54039
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...
CVE-2023-54039
The CVE-2023-54039 issue is in the Linux kernel’s CAN J1939 code, specifically j1939_tp_tx_dat_new(). The vulnerability arises when a memcpy uses skb->cb’s size, allowing an out-of-bounds read if skb->cb is larger than struct j1939_sk_buff_cb. The fix changes memcpy to use the size of struc...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper modification of tcskbcb by the BPF program, which could lead to data corruption...
CVE-2023-53821
In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix slab-use-after-free in decodesession6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...
SUSE CVE-2025-40290
In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...
EUVD-2025-201616
In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...