15 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fixed the NULL pointer dereference in the route error path of ipv4 null-ptr-deref. The IPv4 code path in ipvsgetoutrt calls dstlinkfailure, without ensuring that skb-dev is set. This leads to a NULL pointer dereference in...
ovn: ovn: Heap Over-Read in ICMP Error Response Generation
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...
CVE-2026-5265
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...
CVE-2026-5265
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...
UBUNTU-CVE-2025-68813
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...
CVE-2025-68813
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...
CVE-2025-68813
The CVE-2025-68813 affects the Linux kernel IPVS IPv4 route error path. A NULL pointer dereference occurs when dst_link_failure() is called with skb->dev unset, leading to ipv4_link_failure() → ipv4_send_dest_unreach() → fib_compute_spec_dst() dereferencing skb->dev. The root cause is that ...
PT-2026-2545
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.114 Description The Linux kernel contains a flaw within the IPv4 code path in the ip vs get out rt function. This function can call dst link failure without verifying that skb-dev is set, leading to a NULL...
AZL-54735 CVE-2024-56647 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 iprtbug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...
Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach()
...
The vulnerability of the ipv4_send_dest_unreach() function in the net/ipv4/route.c module of the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the ipv4senddestunreach function in the net/ipv4/route.c module of the Linux kernel is related to the assignment of a null pointer. Exploitation of this vulnerability could allow an attacker to cause a service failure...
SUSE CVE-2005-0066
The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged aka "TCP acknowledgement number checking", which makes it easier for...
SUSE CVE-2005-0068
The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using 1 blind connection-reset attacks with forged...
CVE-2020-25705
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentialit...
TCP/IP implementations do not adequately validate ICMP error messages
Overview Multiple TCP/IP implementations do not adequately validate ICMP error messages. A remote attacker could cause TCP connections to drop or be degraded using spoofed ICMP error messages. Description A number of widely accepted Internet standards describe different aspects of the relationshi...