297 matches found
CVE-2026-23048 udp: call skb_orphan() before skb_attempt_defer_free()
In the Linux kernel, the following vulnerability has been resolved: udp: call skborphan before skbattemptdeferfree Standard UDP receive path does not use skb-destructor. But skmsg layer does use it, since it calls skbsetownersksafe from udpreadskb. This then triggers this warning in...
EUVD-2026-5499
In the Linux kernel, the following vulnerability has been resolved: udp: call skborphan before skbattemptdeferfree Standard UDP receive path does not use skb-destructor. But skmsg layer does use it, since it calls skbsetownersksafe from udpreadskb. This then triggers this warning in...
CVE-2026-23048 udp: call skb_orphan() before skb_attempt_defer_free()
In the Linux kernel, the following vulnerability has been resolved: udp: call skborphan before skbattemptdeferfree Standard UDP receive path does not use skb-destructor. But skmsg layer does use it, since it calls skbsetownersksafe from udpreadskb. This then triggers this warning in...
SUSE CVE-2025-71148
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
CVE-2025-71148
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
UBUNTU-CVE-2025-71148
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
CVE-2025-71148
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
CVE-2025-71148
CVE-2025-71148 affects the Linux kernel networking code (net/handshake). The issue: handshake_req_submit() overwrites sk->sk_destruct on submission, but does not restore it if an error occurs before hashing, causing handshake_sk_destruct() to return early and leak the socket. The fix is to res...
CVE-2025-71148 net/handshake: restore destructor on submit failure
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
CVE-2025-71148 net/handshake: restore destructor on submit failure
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
Linux Kernel Security Vulnerabilities
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to restore the socket destructor during submission, potentially leading to socket lea...
Linux Distros Unpatched Vulnerability : CVE-2025-71148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruc...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003107 advisory. The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: tcpbpf: The function tcpbpfsendverdict fails to allocate psock-cork when called, and skmsgfree must be called instead. syzbot reported the following issue: 0 The reproduction of the issue involves the following steps: 1. Load a...
CVE-2025-15438
A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...
CVE-2025-15438 PluXml Media Management medias.php __destruct deserialization
A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...
PT-2026-6118
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the standard UDP receive path does not utilize skb-destructor, but the skmsg layer does through a call to skb set owner sk safe from udp read skb...
EUVD-2022-55778
In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6. It is important to use the right destructor to avoid memory leaks with some advanced IPv...
CVE-2022-50783
In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6. It is important to use the right destructor to avoid memory leaks with some advanced IPv...
UBUNTU-CVE-2022-50783
In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6. It is important to use the right destructor to avoid memory leaks with some advanced IPv...