Lucene search
K

181 matches found

NVD
NVD
added 2026/05/01 3:16 p.m.7 views

CVE-2026-43037

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

9.8CVSS0.00563EPSS
Exploits0References43
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.38 views

CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

9.8CVSS0.00563EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:15 p.m.4 views

CVE-2026-43038

In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach Sashiko AI-review observed: In ip6errgenicmpv6unreach, the skb is an outer IPv4 ICMP error packet where its cb contains an IPv4 inetskbparm. When skb is cloned into skb2 and...

5.7AI score0.00255EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/01 2:15 p.m.100 views

CVE-2026-43038

CVE-2026-43038 affects the Linux kernel IPv6 ICMP error path. A forged IPv4 ICMP error with CIPSO options could cause ip6_err_gen_icmpv6_unreach() to misinterpret an inner IPv4 inet_skb_parm as an IPv6 parameter, allowing an offset misreference (dsthao) that could enable out-of-bounds or memory a...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References23Affected Software1
CVE
CVE
added 2026/05/01 2:15 p.m.114 views

CVE-2026-43037

CVE-2026-43037 affects the Linux kernel; vulnerability arises from ip4ip6_err() using a cloned skb where the IPv6 receive path writes cb[] as inet6_skb_parm, which is then misinterpreted as IPv4 inet_skb_parm by __ip_options_echo(), causing a potential data leak/compromise. The fix includes clear...

9.8CVSS5.8AI score0.00563EPSS
Exploits0References43Affected Software1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.11 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from targetcorefile not initializing the kiwritestream field of aiocmd-iocb, which could result in a write comman...

7.5CVSS5.8AI score0.00358EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006979)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006979 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc ...

7.8CVSS6.1AI score0.00139EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-36454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ip4ip6 err function where it calls icmp send using a cloned socket buffer skb containing cb data written as struct inet6 skb parm. The icmp send function passes...

10CVSS6AI score0.00563EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005755 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument...

5.5CVSS6.5AI score0.00247EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/26 4:25 a.m.11 views

kernel: ip6_vti: fix slab-use-after-free in decode_session6

A use-after-free vulnerability was found in the IPv6 VTI Virtual Tunnel Interface implementation in the Linux kernel. When an IPv6 VTI device uses the SFB Stochastic Fair Blue qdisc, the control block cb field of an skb can be modified during packet enqueuing. The decodesession6 function then rea...

6AI score0.00225EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 4:10 a.m.5 views

kernel: ip6_vti: fix slab-use-after-free in decode_session6

A use-after-free vulnerability was found in the IPv6 VTI Virtual Tunnel Interface implementation in the Linux kernel. When an IPv6 VTI device uses the SFB Stochastic Fair Blue qdisc, the control block cb field of an skb can be modified during packet enqueuing. The decodesession6 function then rea...

6AI score0.00225EPSS
Exploits0References5
NVD
NVD
added 2026/02/04 5:16 p.m.7 views

CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by firmware is used to calculate the copy length into item-iocb. However, the iocb member is...

0.00168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992822)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992822 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2capreassemblesdu Fix the race condition between...

7.8CVSS6AI score0.00188EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/12/25 12:23 a.m.4 views

SUSE CVE-2025-68734

In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusbprobe In hfcsusbprobe, the memory allocated for ctrlurb gets leaked when setupinstance fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also...

5.5CVSS6.5AI score0.00165EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2025/12/24 11:15 a.m.4 views

CVE-2023-54039

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...

6AI score0.00161EPSS
Exploits0References7
CVE
CVE
added 2025/12/24 10:56 a.m.14 views

CVE-2023-54039

The CVE-2023-54039 issue is in the Linux kernel’s CAN J1939 code, specifically j1939_tp_tx_dat_new(). The vulnerability arises when a memcpy uses skb->cb’s size, allowing an out-of-bounds read if skb->cb is larger than struct j1939_sk_buff_cb. The fix changes memcpy to use the size of struc...

6.3AI score0.00161EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper modification of tcskbcb by the BPF program, which could lead to data corruption...

6.1AI score0.00173EPSS
Exploits0References6
NVD
NVD
added 2025/12/09 4:17 p.m.7 views

CVE-2023-53821

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix slab-use-after-free in decodesession6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

0.00225EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2025/12/09 12:24 a.m.4 views

SUSE CVE-2025-40290

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...

6AI score0.00161EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/08 3:31 a.m.6 views

EUVD-2025-201616

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...

5.7AI score0.00161EPSS
Exploits0References4
Rows per page
Query Builder