CVE-2025-22089 RDMA/core: Don't expose hw_counters outside of init net namespace

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hwcounters outside of init net namespace Commit 467f432a521a "RDMA/core: Split port and device counter sysfs attributes" accidentally almost exposed hw counters to non-init net namespaces. It didn't expose...

CVE-2025-22089

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hwcounters outside of init net namespace Commit 467f432a521a "RDMA/core: Split port and device counter sysfs attributes" accidentally almost exposed hw counters to non-init net namespaces. It didn't expose...

CVE-2025-22089

The CVE-2025-22089 issue affects the Linux kernel RDMA core code. Root cause: an incorrect container_of cast in hw_stat_device_show caused memory corruption by exposing hw_counters outside the init net namespace. Impact: reading hw_counters in non-init namespaces could crash the kernel (NULL dere...

CVE-2025-22057 net: decrease cached dst counters in dst_release

In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dstrelease Upstream fix ac888d58869b "net: do not delay dstentriesadd in dstrelease" moved decrementing the dst count from dstdestroy to dstrelease to avoid accessing already freed data in cas...

CVE-2025-22057

In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dstrelease Upstream fix ac888d58869b "net: do not delay dstentriesadd in dstrelease" moved decrementing the dst count from dstdestroy to dstrelease to avoid accessing already freed data in cas...

CVE-2025-22057

CVE-2025-22057 : In the Linux kernel, the fix for an issue with decreasing cached dst counters in dst_release was incomplete when CONFIG_DST_CACHE is enabled and OvS tunnels are used, potentially leading to a kernel NULL page fault during dst cache destruction. The upstream patch moves the decrem...

CVE-2025-22057 net: decrease cached dst counters in dst_release

In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dstrelease Upstream fix ac888d58869b "net: do not delay dstentriesadd in dstrelease" moved decrementing the dst count from dstdestroy to dstrelease to avoid accessing already freed data in cas...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from RDMA exposing hwcounters in non-init netns, which could lead to null pointer dereferences...

The vulnerability of the page_alloc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the pagealloc component in Linux operating systems is related to errors during the update of the link counters. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the loongarch component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the loongarch component in the Linux operating system’s kernel is related to errors during the update of the link counters. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the HFSPlus file system driver of the Grub2 operating system allows a attacker to trigger a service failure.

The vulnerability of the HFSPlus file system driver of the Grub2 operating system is related to improper manipulation of the link counter for resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

PT-2025-16697

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the handling of cached destination counters in the dst release function. When CONFIG DST CACHE is enabled and Open vSwit...

CVE-2025-21971 net_sched: Prevent creation of classes with TC_H_ROOT

In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent creation of classes with TCHROOT The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created wi...

CVE-2025-21971

CVE-2025-21971 in the Linux kernel net_sched subsystem: creation of a Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) could terminate traversal early during qdisc tree walk, causing incorrect root backlog statistics and potential CRASH in DRR. The fix prevents creating any Qdisc class with TC_H_R...

CVE-2025-26939

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Counters Block counters-block allows Stored XSS.This issue affects Counters Block: from n/a through = 1.1.2...

SUSE CVE-2022-49394

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatency configured for th...

DEBIAN-CVE-2022-49394

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatency configured for th...

UBUNTU-CVE-2022-49394

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatency configured for th...

UBUNTU-CVE-2022-49372

In the Linux kernel, the following vulnerability has been resolved: tcp: tcprtxsynack can be called from process context Laurent reported the enclosed report 1 This bug triggers with following coditions: 0 Kernel built with CONFIGDEBUGPREEMPT=y 1 A new passive FastOpen TCP socket is created. This...

CVE-2025-26939

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Counters Block counters-block allows Stored XSS.This issue affects Counters Block: from n/a through = 1.1.2...