UBUNTU-CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

CVE-2025-71304

The CVE-2025-71304 entry describes a Linux kernel Smack issue where /smack/doi could accept values that were previously written, causing decommissioned DOIs to linger and the default domain map to be unavailable. This behavior can disable networking for non-ambient labels because existing CIPSO/D...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from writing values from the /smack/doi module. By writing values that have been previously used, it is...

Linux Distros Unpatched Vulnerability : CVE-2025-71304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient...

The vulnerability of the cipso_v4_doi_free() function in the net/ipv4/cipso_ipv4.c module of the Linux operating system’s IPv4 kernel implementation allows a attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the cipsov4doifree function in the net/ipv4/cipsoipv4.c module of the Linux operating system’s IPv4 kernel implementation is related to improper memory release before deleting the last pointer memory leak. Exploiting this vulnerability could allow an attacker to compromise th...

DEBIAN-CVE-2023-52698

In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlblcalipsoaddpass If IPv6 support is disabled at boot ipv6.disable=1, the calipsoinit - netlblcalipsoopsregister function isn't called, and the netlblcalipsoopsget function always returns NULL. In...

SUSE CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0014)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in shownumastats because NU...

CLSA-2022-1650986488 Fix of CVE: CVE-2020-0466, CVE-2022-0492, CVE-2021-4155, CVE-2021-0920

cgroup-v1: Require capabilities to set releaseagent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFSIOCALLOC,FREESP just like fallocate ELSCVE-3891 CVE-2021-4155 - afunix: fix garbage collect vs MSGPEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...

AZL-6561 CVE-2021-33033 affecting package kernel for versions less than 5.10.78.1-1

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

DEBIAN-CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

Design/Logic Flaw

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

A week in security (September 14 – 20)

Last week on Malwarebytes Labs, we looked at Fintech industry developments, specifically the differences between Europe and the US, and we analyzed how some charities and the advertising industry are tied together. We also told readers about what companies can do to counter domain name abuse. In...

UBUNTU-CVE-2007-6762

In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabelcipsov4.c where it is possible to overflow the doidef-tags array...

Android Scoring System Roots out Malicious, Harmful Apps

Google’s crusade against malicious and potentially harmful apps PHA in the Android ecosystem is a complex endeavor anchored by its Verify Apps malware scanner and a scoring system that flags potential problems before they multiply. The system, called Dead or Insecure DOI, has been effective in...

CVE-2015-3204

libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service daemon restart via an IKEv1 packet with 1 unassigned bits set in the IPSEC DOI value or 2 the next payload value set to ISAKMPNEXTSAK...

Unfixed XSS vulnerability at www.sciencemag.org

Security researcher Stacker, has submitted on 27/06/2008 a cross-site-scripting XSS vulnerability affecting www.sciencemag.org, which at the time of submission ranked 8713 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/06/2009. It is...