Lucene search
+L

16 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007342)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007342 advisory. In the Linux kernel, the following vulnerability has been resolved: smc: Use skdstget and dstdevrcu in smcclcprfxmatch. smcclcprfxmatch is called from smclistenwork...

5.6AI score0.0017EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/09 5:3 p.m.4 views

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

5.8AI score0.0017EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/15 12:0 a.m.13 views

RockyLinux 8 : kernel (RLSA-2026:2264)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2264 advisory. kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it CVE-2025-38403 kernel: net: use dstdevrcu in sksetupcaps CVE-2025-40170...

7.8CVSS7AI score0.0071EPSS
Exploits0References17
BDU FSTEC
BDU FSTEC
added 2025/12/26 12:0 a.m.5 views

The vulnerability of the dst_dev_rcu() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the dstdevrcu function in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...

7CVSS5.8AI score0.0017EPSS
Exploits0References5Affected Software4
UbuntuCve
UbuntuCve
added 2025/12/16 2:15 p.m.4 views

CVE-2025-68188

In the Linux kernel, the following vulnerability has been resolved: tcp: use dstdevrcu in tcpfastopenactivedisableofocheck Use RCU to avoid a pair of atomic operations and a potential UAF on dstdev-flags...

5.7AI score0.00172EPSS
Exploits0References10
CVE
CVE
added 2025/12/16 1:43 p.m.34 views

CVE-2025-68188

CVE-2025-68188 concerns the Linux kernel TCP Fast Open code. The vulnerability arises from using dst_dev()->flags without proper RCU protection in tcp_fastopen_active_disable_ofo_check(), risking a use-after-free of the network device structure. A fix was applied to use dst_dev_rcu() to synchr...

6.1AI score0.00172EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: use dstdevrcu in tcpfastopenactivedisableofocheck Use RCU to avoid a pair of atomic operations and a potential UAF on dstdev-flags. CVE-2025-68188 Note tha...

7AI score0.00172EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2025/11/13 1:2 a.m.4 views

net: use dst_dev_rcu() in sk_setup_caps()

...

7AI score0.00188EPSS
Exploits0
NVD
NVD
added 2025/11/12 11:15 a.m.13 views

CVE-2025-40170

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

0.00188EPSS
Exploits0References3
OSV
OSV
added 2025/11/12 11:15 a.m.13 views

AZL-78389 CVE-2025-40149 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

7.8CVSS5.8AI score0.00157EPSS
Exploits0References1
NVD
NVD
added 2025/11/12 11:15 a.m.5 views

CVE-2025-40133

In the Linux kernel, the following vulnerability has been resolved: mptcp: Use skdstget and dstdevrcu in mptcpactiveenable. mptcpactiveenable is called from subflowfinishconnect, which is icsk-icskafops-skrxdstset and it's not always under RCU. Using skdstgetsk-dev could trigger UAF. Let's use...

0.00194EPSS
Exploits0References3
OSV
OSV
added 2025/11/12 11:15 a.m.17 views

UBUNTU-CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

7.8CVSS6.5AI score0.00157EPSS
Exploits0References32
ATTACKERKB
ATTACKERKB
added 2025/11/12 10:23 a.m.3 views

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

5.1AI score0.00157EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2025/11/12 10:23 a.m.4 views

CVE-2025-40139

In the Linux kernel, the following vulnerability has been resolved: smc: Use skdstget and dstdevrcu in in smcclcprfxset. smcclcprfxset is called during connect and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and devdstrcu under rcureadlock after...

5.2AI score0.00182EPSS
Exploits0
EUVD
EUVD
added 2025/10/28 11:48 a.m.3 views

EUVD-2025-36454

In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...

6AI score0.0017EPSS
Exploits0References3
CVE
CVE
added 2025/10/28 11:48 a.m.32 views

CVE-2025-40074

The CVE-2025-40074 entry concerns a Linux kernel IPv4 issue resolved by updating core networking paths to prevent use-after-free (UAF) scenarios. Specifically, the patch shifts the kernel toward start_using dst_dev_rcu() for ipv4 paths and adjusts icmpv4_xrlim_allow() and ip_defrag() to mitigate ...

6.2AI score0.0017EPSS
Exploits0References2
Rows per page
Query Builder